Jianjun Chen, a postgraduate student at Tsinghua University, discovered a critical vulnerability in the popular Squid proxy server. He found that the system fails to conform to the RFC 7230 standard and is not capable of parsing/processing the Host header in HTTP requests properly. This allows attackers to conduct a Cache Poisoning attack using a specially crafted malicious packet.
May 5, 2016
“Squoison” Attack: High-severity Vulnerability in Squid Proxy Server Allows Cache Poisoning
Jianjun Chen, a postgraduate student at Tsinghua University, discovered a critical vulnerability in the popular Squid proxy server. He found that the system fails to conform to the RFC 7230 standard and is not capable of parsing/processing the Host header in HTTP requests properly. This allows attackers to conduct a Cache Poisoning attack using a specially crafted malicious packet.
Subscribe to:
Posts (Atom)