| VID | 22363 |
| Severity | 30 |
| Port | 8080,3128 |
| Protocol | TCP |
| Class | Webproxy |
| Detailed Description |
The host is running a version of the Squid caching proxy that is 2.5.STABLE9 or older. Squid is a freely available web proxy server for Linux and Unix distributions. Squid Web Proxy Cache versions 2.5.STABLE7 to 2.5.STABLE9 are vulnerable to an information disclosure vulnerability caused by a race condition when using the Netscape Set-Cookie recommendations for handling cookies in caches. If a requested server relies on the Netscape Set-Cookie header specification, a memory leak would result, allowing a remote attacker to obtain Set-Cookie headers. Information gathered by exploiting this issue may aid further attacks against services related to the cookie, potentially allowing session hijacking.
* Note: This check relies solely on the banner of the remote Squid Web Proxy Cache server to assess this vulnerability, so the finding may be a false positive.
* References: http://secunia.com/advisories/14451/
* Platforms Affected: National Science Foundation, Squid Web Proxy Cache 2.5.STABLE7 to 9; Linux, any version; Unix, any version |
| Recommendation | Apply the 2.5.STABLE9-setcookie patch, available from the Squid 2.5 Patches Web page at http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie |
| Related URL | CVE-2005-0626 (CVE) |
| Related URL | 12716 (SecurityFocus) |
| Related URL | 19581 (ISS) |