CyberSecurity News
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
AI summary
A vulnerability in the Squid web proxy can cause it to leak cleartext HTTP requests from one user to another. This leak can expose sensitive information such as credentials or session tokens to anyone who is allowed to send traffic through the same proxy. The issue is due to a heap over-read in the Squid web proxy. The bug originated from a change made in 1997 related to FTP parsing and remains present in Squid's default configuration. Researchers at Calif.io discovered the vulnerability and disclosed it in June, referring to it as Squidbleed. The vulnerability can be exploited by anyone with access to the proxy.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.