Squid.Squoison.Host.Header.Cache.Poisoning
Description
This indicates an attempt to exploit a Cache Poisoning vulnerability in Squid.
The vulnerability is due to improper checking of Host header against the URI in the HTTP request. By sending a crafted HTTP request to the attacker controlled website, an attacker can poison Squid proxy's cache with arbitrary content.
Affected Products
Squid Project Squid 3.5.12
Impact
System compromise: attackers can poison Squid proxy's cache with arbitrary content.
Recommended Actions
Upgrade to the latest version, available from the website.
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:medium:high |
2019-01-17 | 14.526 | Sig Added |