FreeBSD : squid -- possible cache-poisoning via malformed HTTP responses (b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)
Medium Nessus Plugin ID 19089
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe squid patches page notes :
This patch makes Squid considerably stricter while parsing the HTTP protocol.
- A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to be poisoned with bad content in certain situations.
- CR characters is only allowed as part of the CR NL line terminator, not alone. This to ensure that all involved agrees on the structure of HTTP headers.
- Rejects requests/responses that have whitespace in an HTTP header name.
To enable these strict parsing rules, update to at least squid-2.5.7_9 and specify relaxed_header_parser off in squid.conf.
SolutionUpdate the affected package.