Release date:
Updated on:
Affected Systems:
Squid 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66112
CVE (CAN) ID: CVE-2014-0128
Squid is an efficient Web Cache and proxy program.
Squid versions earlier than 3.3.12 and 3.4.4 contain an error in the state management implementation of SSL-Bump. A specially crafted HTTPS request can trigger an assertion failure. The vulnerability can only be exploited when the SSL-Bump function is enabled.
<* Source: Fabian Hugelshofer
Mathias Fischer
Link: http://secunia.com/advisories/57288/
*>
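Because exposure depends on both the version and on SSL-Bump being enabled, a host can be triaged with the check below. This is an added example, not code from the advisory or from the Squid project; the function names, the sample configuration and the configuration path are assumptions, and the version test follows the range stated above.

```shell
#!/bin/sh
# Added triage example for CVE-2014-0128; not code from the advisory.

# True (0) if the version is in the range the advisory gives:
# 3.x earlier than 3.3.12, or 3.4.x earlier than 3.4.4.
version_affected() {
    ver=${1%%[!0-9.]*}              # strip suffixes such as "-20140301"
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 3 ] || return 1
    case $minor in
        0|1|2) return 0 ;;
        3) if [ "$patch" -lt 12 ]; then return 0; fi ;;
        4) if [ "$patch" -lt 4 ]; then return 0; fi ;;
    esac
    return 1
}

# True (0) if the squid.conf on stdin has a listening port with the
# ssl-bump flag. Comments are stripped first; matching "sslBump" as an
# older spelling of the flag is an assumption of this example.
sslbump_enabled() {
    sed 's/#.*//' |
        grep -Eiq '^[[:space:]]*https?_port[[:space:]].*ssl-?bump'
}

# Usage: assess <version> < squid.conf
assess() {
    if ! version_affected "$1"; then echo "not-affected-version"
    elif sslbump_enabled; then echo "exposed"
    else echo "sslbump-off"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# http_port 3128 ssl-bump   (commented out, must be ignored)
http_port 3128 ssl-bump generate-host-certificates=on cert=/etc/squid/ca.pem
EOF
}

sample_conf | assess 3.3.11
# On a real host (the config path is an assumption):
#   assess "$(squid -v | sed -n 's/^Squid Cache: Version //p')" </etc/squid/squid.conf
```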
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Squid
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.squid-cache.org/Advisories/
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt