| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9976 | V | Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | 2013-04-29 |
| oval:org.mitre.oval:def:10071 | V | The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. | 2013-04-29 |
| oval:org.mitre.oval:def:10513 | V | Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. | 2013-04-29 |
| oval:org.mitre.oval:def:11169 | V | Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | 2013-04-29 |
| oval:org.mitre.oval:def:11562 | V | Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | 2013-04-29 |