
Re: nagios check_http module being denied on transparent proxy


 



On Tue 2010-04-13 at 00:52 +1200, Amos Jeffries wrote:

> Squid is vulnerable to CVE-2009-0801. Which means if your http_port with 
> "transparent" flag is accessible or easily guessed your proxy can be 
> abused to poison your entire network's HTTP traffic. All it takes is one 
> infected client and the whole network is compromised.

CVE-2009-0801 is not about poisoning, but about Flash, Java etc being
able to bypass the same-host sandbox security restriction normally
enforced within such frameworks, opening up for an additional risk of
information theft as the applet/etc can grab information from any host
the proxy has access to, not just the host the applet/etc came from.

Regards
Henrik

