APP: Squid Proxy Host Header Bypass Technique
This signature detects attempts to bypass a filtering proxy. Squid Proxy, an open-source proxy project, contains a flaw that allows a crafted HTTP request to bypass the proxy. Since McAfee Web Gateway utilizes Squid, it is also vulnerable to this bypass technique. A successful attack would result in a bypass of your organization's proxy, which could allow the exfiltration of sensitive data, or the access of malicious code on a website, normally blocked by the proxy, which could execute arbitrary code on endpoint systems.
Extended Description
Squid Proxy is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. Squid Proxy 3.1.19 is vulnerable; other versions may also be affected. Note: This BID is being retired; the issue can not be exploited as described.
Affected Products
Squid web_proxy_cache
Short Name
APP:PROXY:SQUID-HOST-HDR-BYPASS
Severity
Minor
Recommended
False
Recommended Action
None
Category
APP
Keywords
Bypass Header Host Proxy Squid Technique bid:53015 bid:53024
Release Date
04/23/2012
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Squid