Squid Web Proxy Cache Authentication Header Forwarding Information Disclosure

2002-07-03T00:00:00
ID OSVDB:5926
Type osvdb
Reporter OSVDB
Modified 2002-07-03T00:00:00

Description

Vulnerability Description

Squid Web Proxy Cache contains a flaw that may lead to an unauthorized information disclosure. The problem is that the Squid proxy authentication header could be forwarded to external web sites, which will disclose the proxy username and password resulting in a loss of confidentiality. No further details have been provided.

Solution Description

Upgrade to version 2.4.STABLE7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Squid Web Proxy Cache contains a flaw that may lead to an unauthorized information disclosure. The problem is that the Squid proxy authentication header could be forwarded to external web sites, which will disclose the proxy username and password resulting in a loss of confidentiality. No further details have been provided.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Related OSVDB ID: 5923 Related OSVDB ID: 5924 Related OSVDB ID: 5925 Related OSVDB ID: 5917 ISS X-Force ID: 9478 CVE-2002-0715 Bugtraq ID: 5154