Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:PROXY:SQUID-HOST-HDR-BYPASS

Severity

 Medium

Recommended

 Yes

Category

 APP

Keywords

 Squid McAfee Web Gateway bypass

Release Date

 2012/04/23

Update Number

 2122

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Squid Proxy Host Header Bypass Technique


This signature detects attempts to bypass a filtering proxy. Squid Proxy, an open-source proxy project, contains a flaw that allows a crafted HTTP request to bypass the proxy. Since McAfee Web Gateway utilizes Squid, it is also vulnerable to this bypass technique. A successful attack would result in a bypass of your organization's proxy, which could allow the exfiltration of sensitive data, or the access of malicious code on a website, normally blocked by the proxy, which could execute arbitrary code on endpoint systems.

Extended Description

Squid Proxy is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. Squid Proxy 3.1.19 is vulnerable; other versions may also be affected. Note: This BID is being retired; the issue can not be exploited as described.

Affected Products

  • Squid Web Proxy Cache 3.1.19

References

  • BugTraq: 53015
  • BugTraq: 53024
  • URL: http://www.mcafee.com/
  • URL: http://www.squid-cache.org/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out