Thinking OPEN

Squid Web Proxy Cache 3.0_pre3 and prior [High]

By Security Team • Mar 4th, 2009 • Category: Security Notifications

Affects:

  • Squid Web Proxy Cache 3.0_pre3 and prior [High]

Description

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
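A defensive check for the flaw described above, as an added example (not code from Squid or from this advisory): an intercepting proxy compares the client-supplied Host header with the original destination of the intercepted connection and only ever connects upstream to that original destination. The function names, the injected `resolve` callable and the DNS table are constructed for illustration.

```python
import ipaddress

# Constructed DNS answers so the example runs offline (assumption, not real data).
SAMPLE_DNS = {"www.example.com": {"203.0.113.10"},
              "intranet.example": {"10.0.0.5"}}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())

def parse_host(value):
    """Split a Host header value into (lower-cased name, port or None)."""
    value = value.strip()
    if value.startswith("["):                 # IPv6 literal, e.g. [2001:db8::1]:8080
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        name, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        rest = rest[1:]
    else:
        name, _, rest = value.partition(":")
    if not name:
        raise ValueError("empty host")
    return name.lower().rstrip("."), (int(rest) if rest else None)

def verify_intercepted(orig_dst_ip, orig_dst_port, host_header, resolve):
    """Return (allowed, upstream_ip, reason) for one intercepted request.

    The upstream address is always the client's original destination,
    never an address derived from the client-supplied Host header."""
    dst = ipaddress.ip_address(orig_dst_ip)
    try:
        name, port = parse_host(host_header)
        try:
            addrs = {ipaddress.ip_address(name)}      # Host is an IP literal
        except ValueError:
            addrs = {ipaddress.ip_address(a) for a in resolve(name)}
    except ValueError:
        return False, None, "malformed Host header"
    if port is not None and port != orig_dst_port:
        return False, None, "Host port differs from original destination port"
    if dst not in addrs:
        return False, None, "Host does not resolve to original destination"
    return True, str(dst), "ok"
```

A rejected request is one where the browser-side same-origin decision (made on the Host name) and the proxy's routing decision would otherwise disagree, which is the condition the advisory describes.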

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-0801
Severity: High

National Vulnerabilities Database

NIST National Vulnerabilities Database

Related OLEX Packages: squid_web_proxy_cache