Squid Set-Cookie Header Cross-session Information Disclosure
Medium Nessus Plugin ID 19237
SynopsisThe remote proxy server is affected by an information disclosure issue.
DescriptionThe remote Squid caching proxy, according to its banner, is prone to an information disclosure vulnerability. Due to a race condition, Set-Cookie headers may leak to other users if the requested server employs the deprecated Netscape Set-Cookie specifications with regards to how cacheable content is handled.
SolutionApply the patch referenced in the vendor URL above or upgrade to version 2.5 STABLE10 or later.