[squid-dev] Cache poisoning vulnerability 3.5.23

Omid Kosari omidkosari at yahoo.com
Wed Jul 26 10:19:22 UTC 2017


Hello,

Recently i have seen some Cache poisoning specially on android captive
portal detection sites .
My squid was 3.5.19 (from https://packages.debian.org/stretch/squid) on
Ubuntu Linux 16.04 . Then i have upgraded to latest version 3.5.23 (from
https://packages.debian.org/stretch/squid) and purged specific pages but
again i can see cache poisoning on same pages .

http://connectivitycheck.gstatic.com/generate_204
http://clients3.google.com/generate_204
http://172.217.20.206/generate_204
http://clients1.google.com/generate_204
http://google.com/generate_204




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cache-poisoning-vulnerability-3-5-23-tp4683214.html
Sent from the Squid - Development mailing list archive at Nabble.com.


More information about the squid-dev mailing list