Red Hat Bugzilla – Bug 742891
CVE-2011-3596 polipo: Assertion failure by processing certain HTTP POST / PUT requests
Last modified: 2015-08-22 11:29:22 EDT
A denial of service flaw was found in the way Polipo, a lightweight caching web proxy, processed certain HTTP POST / PUT requests. If polipo was configured to allow remote client connections and particular host was allowed to connect to polipo server instance, a remote attacker could use this flaw to cause denial of service (polipo daemon abort due to assertion failure) via specially-crafted HTTP POST / PUT request.
Created attachment 526009 [details]
Local copy of the reproducer / PoC file from 
This issue affects the versions of the polipo package, as shipped with Fedora release of 14 and 15. Please schedule an update once final upstream patch ready.
This issue affects the versions of the polipo package, as present within EPEL-5 and EPEL-6 repositories. Please schedule an update once final upstream patch ready.
Created polipo tracking bugs for this issue
Affects: fedora-all [bug 742897]
Affects: epel-all [bug 742898]
This issue has been assigned the name CVE-2011-3596:
According to a post on oss-security , this is the fix for this flaw:
But it is not yet on the github master.