Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure

Low

Synopsis

The remote host may facilitate the theft of authentication data.

Description

The remote Squid caching proxy, according to its version number, is vulnerable to an attack where the attacker gains access to Set-Cookie headers for another user. Such an attack would allow the attacker to gain access to resources with the credentials of another user.

Solution

Upgrade to squid 2.5.STABLE10 or higher.