Squid Proxy Vulnerability
Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability

Description
A new vulnerability was reported in Squid Proxy, which may be exploited by malicious users to conduct session hijacking attacks. The flaw is due to a race condition where "Set-Cookie" headers may leak to other users if the requested server relies on obsolete Netscape Set-Cookie specifications.

Affected Products
Squid version 2.5-STABLE-9 and prior

Solution
squid-2.5.STABLE9-setcookie.patch : http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch
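
An added example, not part of the original advisory or of Squid's code: a Python check that origin-server operators can run over response headers to find cookie-setting responses that lack the Cache-Control directives RFC 2109 and RFC 2965 recommend for shared caches. It assumes that this is what reliance on the Netscape specification means in practice; the function names and sample headers are constructed, and only Cache-Control is evaluated.

```python
import re
from email import message_from_string

# Matches name, name=value or name="quoted, list" inside a Cache-Control header.
DIRECTIVE_RE = re.compile(r'([A-Za-z0-9-]+)(?:\s*=\s*("[^"]*"|[^,\s]*))?')

def cache_directives(headers):
    """Merge all Cache-Control headers into {directive: argument or None}."""
    found = {}
    for value in headers.get_all("Cache-Control", []):
        for name, arg in DIRECTIVE_RE.findall(value):
            found[name.lower()] = arg.strip('"').lower() or None
    return found

def protects_cookie(cc):
    """True if the directives stop a shared cache from reusing Set-Cookie."""
    if "no-store" in cc:
        return True
    for name in ("private", "no-cache"):
        if name in cc:
            fields = cc[name]
            # Bare form covers the whole response; field form must name set-cookie.
            if fields is None or "set-cookie" in [f.strip() for f in fields.split(",")]:
                return True
    return False

def audit(raw_head):
    """Classify a raw response head as 'no-cookie', 'protected' or 'review'."""
    _status, _, block = raw_head.replace("\r\n", "\n").partition("\n")
    headers = message_from_string(block)
    if not headers.get_all("Set-Cookie"):
        return "no-cookie"
    return "protected" if protects_cookie(cache_directives(headers)) else "review"

# Constructed sample response heads (not captured traffic).
COOKIE = "Set-Cookie: SID=constructed123; path=/\r\n\r\n"
SAMPLES = {
    "netscape-style": "HTTP/1.0 200 OK\r\nExpires: Thu, 01 Dec 2005 16:00:00 GMT\r\n" + COOKIE,
    "public": "HTTP/1.1 200 OK\r\nCache-Control: public, max-age=600\r\n" + COOKIE,
    "rfc-field": 'HTTP/1.1 200 OK\r\nCache-Control: no-cache="set-cookie", max-age=3600\r\n' + COOKIE,
    "wrong-field": 'HTTP/1.1 200 OK\r\nCache-Control: no-cache="set-cookie2"\r\n' + COOKIE,
    "private": "HTTP/1.1 200 OK\r\nCache-Control: private\r\n" + COOKIE,
    "static": "HTTP/1.1 200 OK\r\nCache-Control: public\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label:16} {audit(head)}")
```

Responses reported as `review` are the ones to fix at the origin server, independently of patching the proxy.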

References
http://www.k-otik.com/english/advisories/2005/0229
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie

Credits
Vulnerability reported by SQUID