Short Name |
APP:PROXY:SQUID-HOST-HDR-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
Squid Proxy Host Header Bypass Technique |
Release Date |
2012/04/23 |
Update Number |
2122 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to bypass a filtering proxy. Squid Proxy, an open-source proxy project, contains a flaw that allows a crafted HTTP request to bypass the proxy. Since McAfee Web Gateway utilizes Squid, it is also vulnerable to this bypass technique. A successful attack would result in a bypass of your organization's proxy, which could allow the exfiltration of sensitive data, or the access of malicious code on a website, normally blocked by the proxy, which could execute arbitrary code on endpoint systems.
Squid Proxy is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. Squid Proxy 3.1.19 is vulnerable; other versions may also be affected. Note: This BID is being retired; the issue can not be exploited as described.