Re: [squid-users] Re: Can Squid 2.7 send an HTTP Connect to the server

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 15 Jul 2013 14:26:53 +1200

On 15/07/2013 4:34 a.m., Squid27User wrote:
> Thanks for your reply. Being an enterprise, I'd have to prove it is a bug
> before we can upgrade. Is it possible for you to let me know if there is any
> possibility in the Squid 2.7 code where a new client connection (after a
> timeout) can end up relaying a CONNECT to the server through SSL?

I can't be sure, sorry. I've not worked with any of the 2.7 tunneling or
SSL code.

There is this if you require a reason to upgrade and are using traffic
interception:
   http://www.squid-cache.org/Advisories/SQUID-2011_1.txt
"This problem allows any browser script to bypass local security and
retrieve arbitrary content from any source."

By "local security" we mean both Squid ACL permissions AND any network
firewall which is in place.
There are definitely things out there taking advantage of it already.

Amos
Received on Mon Jul 15 2013 - 02:27:00 MDT
