|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Squid Cache contains a flaw that will prevent the HTCP interface from being disabled from the configuration file. This could allow a remote attacker to circumvent access restrictions.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Other
Impact:
Unknown
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
Hyper Text Cache Protocol (HTCP) is used by the Squid Cache server to communicate with other cache servers. If the Squid Cache server was compiled with HTCP enabled '--enable-htcp' then the server would create an HTCP interface to communicate on. This interaface could not be disabled even though the documentation indicated it could be done through the configuration file.
|
|
Solution |
Upgrade to version 2.4.STABLE4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Squid Web Proxy Cache
 |
2.4.STABLE3 |
2.0.x |
2.1.x |
2.2.x |
2.3.x |
2.4.STABLE1 |
2.4.STABLE2 |
|
|
|
|
Credit |
- Miquel van Smoorenburg -
- Markus Friedl -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
