CVE-2005-0626
EPSS 0.09%
Description
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
How to fix CVE-2005-0626
To remediate CVE-2005-0626, upgrade the affected package to a fixed version below.
- Debian/squid—upgrade to 2.5.9-2 or later
Is CVE-2005-0626 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.5.9-2