squid -- HTTP response splitting cache pollution attack

2004-03-01T00:00:00
ID 4E4BD2C2-6BD5-11D9-9E1E-C296AC722CB3
Type freebsd
Reporter FreeBSD
Modified 2005-02-07T00:00:00

Description

According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream. The squid patches page notes:

"This patch additionally strengthens Squid from the HTTP response attack described by Sanctum."