Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure

Low Log Correlation Engine Plugin ID 801035


The remote host may facilitate the theft of authentication data.


The remote Squid caching proxy, according to its version number,
is vulnerable to an attack where the attacker gains access to Set-Cookie headers for another user. Such an attack would allow the attacker to gain access to resources with the credentials of another user.


Upgrade to squid 2.5.STABLE10 or higher.

See Also


Plugin Details

Severity: Low

ID: 801035

File Name: 801035.prm

Family: Web Servers

Risk Information

Risk Factor: Low


Base Score: 4.8

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND

Reference Information

CVE: CVE-2005-0626, CVE-2005-0718, CVE-2005-1519

BID: 12716, 13592, 13166