CVE-2005-0174

Publication date 7 February 2005

Last updated 17 July 2025

Ubuntu priority

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squid	7.04 feisty	Fixed 2.6.5-4ubuntu2
	6.10 edgy	Fixed 2.6.1-3ubuntu1.3
	6.06 LTS dapper	Fixed 2.5.12-4ubuntu2.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-77-1
Squid vulnerabilities
8 February 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0174