FreeBSD : squid -- multiple vulnerabilities (41f8af15-c8b9-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Squid security advisory 2016:10 reports :

Due to incorrect comparison of request headers Squid can deliver
responses containing private data to clients it should not have
reached.

This problem allows a remote attacker to discover private and
sensitive information about another client's browsing session,
potentially including credentials which allow access to further
sensitive resources. This problem only affects Squid configured to use
the Collapsed Forwarding feature. It is of particular importance for
HTTPS reverse-proxy sites with Collapsed Forwarding.

Squid security advisory 2016:11 reports :

Due to incorrect HTTP conditional request handling Squid can deliver
responses containing private data to clients it should not have
reached.

This problem allows a remote attacker to discover private and
sensitive information about another client's browsing session,
potentially including credentials which allow access to further
sensitive resources.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215416
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215418
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
http://www.nessus.org/u?56058517

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96117

CVE ID: CVE-2016-10002, CVE-2016-10003
