Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Squid权限许可和访问控制漏洞
Vulnerability Description
Squid(全称Squid Cache)是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid 3.1.9版本中存在漏洞。远程攻击者可通过提供一个任意允许的在Host HTTP头中的主机名,绕过CONNECT方法的访问配置。
CVSS Information
N/A
Vulnerability Type
N/A