Search squid archive

Re: XSS issue only affects bump doesn't it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29/10/18 9:20 AM, Jason Haar wrote:
> Hi there
> 
> I'm running a vulnerable version of squid (ie "--with-openssl" and
> "--enable-ssl") but due to issues with bumping not working well, don't
> actually do it (ie sslcrtd_program and ssl_bump not defined/etc).
> 
> So does that mean we can't actually be affected by this vulnerability?

The problem is in the error page generated. So while it is most visible
with bump'ed traffic it also can occur whenever Squid is the agent
performing the TLS handshake with a server.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux