icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Squid 2.5.x < 2.5.STABLE8 Information Disclosure

Medium

Synopsis

The remote proxy server can be tricked into disclosing portions of its memory.

Description

The remote host running a Squid proxy on this port. There is a vulnerability in the remote version of this software that may allow an attacker to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

Solution

Upgrade to Squid 2.5.STABLE8, 3.0-PRE4, or apply the vendor patches.