ELSA-2017-0183 -- Oracle squid34ID: oval:org.secpod.oval:def:1501747 | Date: (C)2017-01-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections.