From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3 Description of problem: 05.19.16 CVE: Not Available Platform: Unix Title: Squid Proxy Unspecified DNS Spoofing Description: Squid Proxy is a freely available, open source web proxy software package. Squid Proxy is affected by an unspecified DNS spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known to be vulnerable. Ref: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query (2) MODERATE: Multiple Vendor HTTP Request Smuggling Affected: Configurations involving a number of popular web proxy/cache servers and web application firewalls Description: A new attack technique named "HTTP Request Smuggling" has been reported to affect configurations that involve one or more web entities (i.e. a web proxy server, a web cache server or a web application firewall) between a user and a web server. The attack can be carried out by crafting back-to-back HTTP requests that are interpreted differently by the web entities. For example, if an HTTP request is crafted with two distinct HTTP "Content-Length" headers, the two web entities may process the same request by honoring either the first or the last "Content-Length" header. The discoverers have shown how an attacker can exploit such behaviors by crafting HTTP requests that may result in web cache poisoning, bypassing the web firewall, cross-site scripting (requiring no user interaction) or session hijacking. The vulnerable example configurations listed in the discoverers' posting include Sun ONE proxy server, Sun ONE webserver, CheckPoint Firewall, Microsoft IIS server, Microsoft ISA server, Apache, Jakarta Tomcat server, IBM WebSphere, BEA WebLogic, Oracle9iAS, Squid, Delegate and Oracle WebCache. Status: Squid and CheckPoint have distributed patches. The status regarding other vendors is not currently known. Council Site Actions: Two council sites are still evaluating if they are vulnerable. One site has already patched their system. References: Watchfire Whitepaper http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf SecurityFocus BID http://www.securityfocus.com/bid/13873 05.23.14 CVE: Not Available Platform: Cross Platform Title: Multiple Vendor Multiple HTTP Request Smuggling Description: Multiple vendors are prone to a new class of attack named "HTTP Request Smuggling". This class of attack basically revolves around piggybacking a HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, it is demonstrated that this class of attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks. Reports indicate that Microsoft IIS 5.0 is affected. Ref: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf 05.37.15 CVE: CAN-2005-2794 Platform: Unix Title: Squid Proxy Aborted Requests Remote Denial of Service Description: Squid Proxy is a freely available, open source Web proxy software package. A remote denial of service vulnerability affects the Squid Proxy. This issue is due to a failure of the application to properly handle exceptional network requests. A remote attacker may leverage this issue to crash the affected Squid Proxy, denying service to legitimate users. Ref: http://www.securityfocus.com/bid/14761 05.40.12 CVE: CAN-2005-2917 Platform: Unix Title: Squid Proxy Client NTLM Authentication Denial of Service Description: Squid Proxy is a web proxy software package. It is reported to be vulnerable to a denial of service issue. The issue presents itself when proxy handles certain NTLM request sequences. Squid Web Proxy Cache version 2.5 .STABLE9 is reported to be vulnerable. Ref: http://www.securityfocus.com/bid/14977 Version-Release number of selected component (if applicable): How reproducible: Didn't try Additional info:
Please see attachment #120495 [details] for a listing of all CVE's covered by Bug #152809 and new bugs that we can deal with in this bug report. This attachment is introduced in bug 152809 comment 12.
Wow...that's great work David. Thanks.
You're welcome. Where do we go from here? Is bug 152809 released?
Let's track this in 152809. *** This bug has been marked as a duplicate of 152809 ***