[squid-dev] Cache poisoning vulnerability 3.5.23
Omid Kosari
omidkosari at yahoo.com
Wed Jul 26 10:19:22 UTC 2017
Hello,
Recently i have seen some Cache poisoning specially on android captive
portal detection sites .
My squid was 3.5.19 (from https://packages.debian.org/stretch/squid) on
Ubuntu Linux 16.04 . Then i have upgraded to latest version 3.5.23 (from
https://packages.debian.org/stretch/squid) and purged specific pages but
again i can see cache poisoning on same pages .
http://connectivitycheck.gstatic.com/generate_204
http://clients3.google.com/generate_204
http://172.217.20.206/generate_204
http://clients1.google.com/generate_204
http://google.com/generate_204
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cache-poisoning-vulnerability-3-5-23-tp4683214.html
Sent from the Squid - Development mailing list archive at Nabble.com.
More information about the squid-dev
mailing list