RSS   Vulnerabilities for 'Squid web proxy cache'   RSS

2009-03-04
 
CVE-2009-0801

CWE-264
 

 
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

 
2007-12-04
 
CVE-2007-6239

 

 
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

 

 >>> Vendor: Squid 3 Products
Squid web proxy
Squid
Squid web proxy cache


Copyright 2024, cxsecurity.com

 

Back to Top