What I understand from the advisory is the Squid proxy is basing its
filtering on the Host header when present, even for the CONNECT
command which doesn't allow this header at all as it makes no sense. I
haven't confirmed the bug but what's being described is definitely a
vulnerability.
There's als...