Tue 2010-04-13 at 00:52 +1200, Amos Jeffries wrote:
> Squid is vulnerable to CVE-2009-0801. Which means if your http_port with
> "transparent" flag is accessible or easily guessed your proxy can be
> abused to poison your entire network's HTTP traffic. All it takes is one
> infected client and the whole network is compromised.
CVE-2009-0801 is not about poisoning, but about Flash, Java etc. being
able to bypass the same-host sandbox security restriction normally
enforced within such frameworks, opening up for an additional risk of
information theft as the applet/etc. can grab information from any host
the proxy has access to, not just the host the applet/etc. came from.
Regards
Henrik
Received on Tue Apr 27 2010 - 23:53:28 MDT