Any remote client may access resources which should be restricted
and not available to them. Such as those protected behind client
IP ACLs. Attacker could also gain access to manager services when
Via header is turned off.
Any remote client can perform a Denial of Service on all other
clients using the proxy.
For reporting of security sensitive bugs send an email to the
[hidden email] mailing list. It is a closed list
(though anyone can post) and security related bug reports are
treated in confidence until the impact has been established.
2019-05-14 14:56:49 UTC Initial Report
2019-06-05 15:52:17 UTC CVE-2019-12523 Assignment
2019-07-03 01:07:41 UTC Additional Report
2019-11-04 13:43:22 UTC CVE-2019-18676 Assignment
squid-announce mailing list
[hidden email] http://lists.squid-cache.org/listinfo/squid-announce