squid -- HTTP response splitting cache pollution attack

ID 4E4BD2C2-6BD5-11D9-9E1E-C296AC722CB3
Type freebsd
Reporter FreeBSD
Modified 2005-02-07T00:00:00


According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against Squid proxies, among others, by inserting false replies into the HTTP stream. The Squid patches page notes:

This patch additionally strengthens Squid from the HTTP response attack described by Sanctum.