Squid Proxy Failed DNS Lookup Random Error Messages Information Disclosure

medium Log Correlation Engine Plugin ID 801044

Synopsis

The remote proxy can be tricked into disclosing portions of its memory.

Description

The remote host running a Squid proxy on this port.
There is a vulnerability in the remote version of this software that may allow an attacker to disclose the content of its memory by causing the use of a freed pointer.

Solution

Upgrade to Squid 2.5.STABLE8 or 3.0-PRE4 or apply the vendor patches.

See Also

bugs.squid-cache.org/show_bug.cgi?id=1143

Plugin Details

Severity: Medium

ID: 801044

Family: Web Servers

Nessus ID: 15929

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Reference Information

CVE: CVE-2004-2479

BID: 11865