This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An update for squid34 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The squid34 packages provide version 3.4 of Squid, a high-performance
proxy caching server for web clients, supporting FTP, Gopher, and HTTP
Security Fix(es) :
* It was found that squid did not properly remove connection specific
headers when answering conditional requests using a cached request. A
remote attacker could send a specially crafted request to an HTTP
server via the squid proxy and steal private data from other
See also :
Update the affected squid34 and / or squid34-debuginfo packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false