Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure
Low Log Correlation Engine Plugin ID 801035
SynopsisThe remote host may facilitate the theft of authentication data.
DescriptionThe remote Squid caching proxy, according to its version number,
is vulnerable to an attack where the attacker gains access to Set-Cookie headers for another user. Such an attack would allow the attacker to gain access to resources with the credentials of another user.
SolutionUpgrade to squid 2.5.STABLE10 or higher.