
Squid < 2.5.STABLE7 Report Information Disclosure



The remote proxy server may give an attacker information useful for future attacks.


The remote host is running the Squid proxy, and the server has web-based proxy reporting enabled. An attacker viewing these pages could gain information that may be useful in future attacks. This occurs when Squid, while processing its configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments. This could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.


Use ACLs to protect the Squid proxy reports. Alternatively, Squid 2.5.STABLE7 has been patched for this vulnerability.
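
The empty-ACL condition in the description can be checked offline before a configuration is deployed. The following is an added example, not part of the original advisory or of Squid itself: the function name `audit_squid_conf` and the sample configuration are constructed for illustration, and comment stripping is simplified to "everything after `#`".

```python
# Constructed sample squid.conf, not taken from a real deployment.
SAMPLE_CONF = """\
# no auth_param lines are defined in this file
acl all src 0.0.0.0/0.0.0.0
acl reports urlpath_regex ^/reports/
acl admins src            # argument list left empty by mistake
acl staff proxy_auth REQUIRED
http_access allow reports admins
http_access allow staff
http_access deny all
"""

def audit_squid_conf(text):
    """Return (empty_acls, affected_rules) for the text of a squid.conf."""
    acl_args, acl_type, rules, has_auth = {}, {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: treat everything after '#' as a comment.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "auth_param":
            has_auth = True
        elif tokens[0] == "acl" and len(tokens) >= 3:
            # Repeated "acl NAME TYPE ..." lines accumulate arguments.
            acl_type[tokens[1]] = tokens[2]
            acl_args.setdefault(tokens[1], []).extend(tokens[3:])
        elif tokens[0] == "http_access" and len(tokens) >= 2:
            names = [t.lstrip("!") for t in tokens[2:]]
            rules.append((lineno, tokens[1], names))
    empty = {}
    for name, args in acl_args.items():
        if not args:
            empty[name] = "no arguments"
        elif acl_type[name] == "proxy_auth" and not has_auth:
            empty[name] = "proxy_auth without auth_param"
    # Rules that reference an empty ACL may not restrict what they appear to.
    affected = [(ln, action, [a for a in acls if a in empty])
                for ln, action, acls in rules
                if any(a in empty for a in acls)]
    return empty, affected

if __name__ == "__main__":
    empty, affected = audit_squid_conf(SAMPLE_CONF)
    for name, why in empty.items():
        print(f"ACL {name}: {why}")
    for lineno, action, acls in affected:
        print(f"line {lineno}: http_access {action} depends on {', '.join(acls)}")
```

Any `http_access` line it reports should be reviewed alongside the parser warnings Squid prints for the same configuration.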