SA-2023-110 - Squid absolute URL includes decoded ... - Extreme Networks - 98137

Summary

Squid has discovered an issue where it checks its cache for response availability by making an MD5 hash of the absolute URL. This can include decoded UserInfo, allowing attackers to provide a username with special characters and treat the rest of the URL as a path or query string. This could lead to access to features only reverse proxies can use.

Products Potentially Affected

OS/Product	Exposure
IQ Engine (HiveOS)	Yes

Repair Recommendations

IQ Engine (HiveOS): Pending.

Please see the full security advisory article here for more details and updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Popular Articles

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)

GTM-P2G8KFN