Description: client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when an absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

Impact: An attacker can exploit the vulnerability by sending a crafted request to a website through the proxy server. Successful exploitation can cause the Squid proxy's cache to be poisoned with the attacker's chosen content.

Affected OS: Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS, Others

Reference: SecurityTrackerID:1035768
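The check the description refers to can be run over captured proxy traffic. RFC 7230 section 5.4 requires a proxy that receives an absolute-form request-target to ignore the Host header and take the host from the request-target. This Python sketch is an added example, not Squid's code: it derives that effective authority and flags requests where the Host header disagrees. The function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def authority(netloc, scheme):
    """Normalize 'host[:port]' to a lowercase (host, port) pair, or None if absent."""
    if not netloc:
        return None
    parts = urlsplit("//" + netloc)
    return (parts.hostname, parts.port or DEFAULT_PORTS[scheme])

def check_request(raw):
    """Return (effective_authority, mismatch) for one raw HTTP/1.x request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    # Zero or several Host headers are treated as "no usable Host header".
    host_header = hosts[0] if len(hosts) == 1 else None
    url = urlsplit(target)
    if url.scheme in DEFAULT_PORTS and url.netloc:
        # Absolute-form: the request-target wins and the Host header is ignored.
        from_uri = authority(url.netloc, url.scheme)
        return from_uri, authority(host_header, url.scheme) != from_uri
    # Origin-form: the Host header is the only source of the authority.
    return authority(host_header, "http"), False

# Constructed sample requests (hypothetical host names).
SAMPLES = {
    "consistent": b"GET http://origin.example/a HTTP/1.1\r\nHost: ORIGIN.example:80\r\n\r\n",
    "mismatch": b"GET http://origin.example/a HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "origin-form": b"GET /a HTTP/1.1\r\nHost: origin.example:8080\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        effective, mismatch = check_request(raw)
        print(f"{name:12} effective={effective} flag={mismatch}")
```

A flagged request is one whose cache key and forwarding decision must both come from the request-target; on an affected Squid version such requests in the access log are worth reviewing alongside the cached objects for that URL.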