Squid Malformed Host Name Error Message Information Disclosure

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.

Synopsis :

The remote service is vulnerable to information disclosure.

Description :

The remote host running a Squid proxy on this port.

There is a vulnerability in the remote version of this software which may
allow an attacker to disclose the content of its memory by causing the
use of a freed pointer.

See also :


Solution :

Apply the vendor released patch, for squid it is located here:
www.squid-cache.org. You can also protect yourself by enabling
access lists on your proxy.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 15929 ()

Bugtraq ID: 11865

CVE ID: CVE-2004-2479