| VID |
22314 |
| Severity |
40 |
| Port |
8080,3128 |
| Protocol |
TCP |
| Class |
Webproxy |
| Detailed Description |
The relevant host is running a version of Squid caching proxy which is older than 2.5-STABLE7. Squid is a freely available Web Proxy server for Linux and Unix distributions. Squid Web Proxy Cache versions prior to 2.5.STABLE8 are vulnerable to multiple vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.
* Note: This check solely relied on the version number of the remote Squid Web Proxy Cache server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/13843/
http://www.squid-cache.org/Versions/v2/2.5/bugs
* Platforms Affected:
National Science Foundation, Squid Web Proxy Cache versions prior to 2.5.STABLE8
Linux Any version
Unix Any version |
| Recommendation |
Apply all the squid-2.5.STABLE7 and squid-2.5.STABLE8 patches, available from the Squid Web Proxy Cache Web site at http://www.squid-cache.org/Versions/v2/2.5/bugs |
| Related URL |
CVE-2005-0095,CVE-2005-0094,CVE-2005-0175,CVE-2005-0241,CVE-2005-0211,CVE-2005-0173 (CVE) |
| Related URL |
12275,12276,12412,12433,12432,12431 (SecurityFocus) |
| Related URL |
18884,18888,19060,19142,18983 (ISS) |
|
