Re: [squid-users] Squid and MS Proxy 2.0 Denial of service

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 21 Apr 2003 17:35:23 +0200

On Monday 21 April 2003 16.59, Eric Galarneau wrote:
> Simply because Microsoft does not provide much details on this
> vulnerability.

I thought they provided a lot of information.. basically everything
but how to reproduce the issue.

> Also starting about a week ago I noticed several
> "urlParse: Illegal character in hostname" in the log for domain
> names containing either ! Or [] (From unsolicited HTML email
> messages). I was wondering if these were attempts to exploit this
> vulnerability.

Probably not related to this specific issue and looks more like some
client exploit attempt, quite likely to attempt to bypass some kind
of MSIE security restrictions. On the good side Squid rejects the
request as invalid keeping your users safe.

What does the full URLs look like?

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Apr 21 2003 - 09:34:04 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:06 MST