|
|
Family: Misc. --> Category: infos
Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for Set-Cookie headers information disclosure vulnerability in Squid
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote proxy server is affected by an information disclosure
issue.
Description :
The remote Squid caching proxy, according to its banner, is prone to
an information disclosure vulnerability. Due to a race condition,
Set-Cookie headers may leak to other users if the requested server
employs the deprecated Netscape Set-Cookie specifications with regards
to how cacheable content is handled.
See also :
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
Solution :
Apply the patch referenced in the vendor URL above or upgrade to
version 2.5 STABLE10 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
