| VID | 22309 |
| Severity | 20 |
| Port | 8080, 3128 |
| Protocol | TCP |
| Class | Webproxy |
| Detailed Description | The Squid caching proxy has a memory disclosure vulnerability. Squid is a freely available web proxy server for Linux and Unix distributions. Squid Web Proxy Cache version 2.5 could allow a remote attacker to disclose the contents of its memory. The vulnerability is caused by an error when returning error messages in response to malformed host names. In certain circumstances this may leak random information, e.g. about other requests, in the error messages.
* References: http://secunia.com/advisories/13408/ and http://www.squid-cache.org/bugs/show_bug.cgi?id=1143
* Platforms Affected: National Science Foundation, Squid Web Proxy Cache 2.5; any operating system, any version |
| Recommendation | Apply the 2.5.STABLE7-dothost patch, available from the Squid Web Proxy Cache Web site at http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-dothost.patch |
| Related URL | CVE-2004-2479 (CVE) |
| Related URL | 11865 (SecurityFocus) |
| Related URL | 18406 (ISS) |