Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
Software | From | Fixed in |
---|---|---|
squid / squid | 2.5.stable5 | 2.5.stable5.x |
squid / squid | 2.5.stable6 | 2.5.stable6.x |
squid / squid | 2.5.stable7 | 2.5.stable7.x |