Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Squid 2.5.x < 2.5.STABLE8 Information Disclosure

Medium

Synopsis

The remote proxy server can be tricked into disclosing portions of its memory.

Description

The remote host running a Squid proxy on this port. There is a vulnerability in the remote version of this software that may allow an attacker to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

Solution

Upgrade to Squid 2.5.STABLE8, 3.0-PRE4, or apply the vendor patches.