Vulnerability category: Proxy
Vulnerability severity:
Vulnerability information
Squid Proxy is a freely available open source Web proxy software package. It is designed for use on Unix, Linux and Windows platforms.
Squid Proxy is vulnerable to a Header Smuggling Attack due to improper input validation.
Affected Software:
Squid 1.x to Squid 3.5.17
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by reviewing the version of the Squid Proxy service.
Vulnerability impact
Remote attackers can bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
Solution
The vendor has released updates to resolve this issue.
Refer to vendor advisory SQUID-2016:8 to obtain more details and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: