Hey Omid, It's not clear what do you mean by cache poisoning? There are couple options but there are missing technical pieces on how to re-produce the issue, what squid setup are you using ie squid.conf. How can I test it here on my test lab?
Thanks, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -----Original Message----- From: squid-dev [mailto:squid-dev-boun...@lists.squid-cache.org] On Behalf Of Omid Kosari Sent: Wednesday, July 26, 2017 13:19 To: squid-dev@lists.squid-cache.org Subject: [squid-dev] Cache poisoning vulnerability 3.5.23 Hello, Recently i have seen some Cache poisoning specially on android captive portal detection sites . My squid was 3.5.19 (from https://packages.debian.org/stretch/squid) on Ubuntu Linux 16.04 . Then i have upgraded to latest version 3.5.23 (from https://packages.debian.org/stretch/squid) and purged specific pages but again i can see cache poisoning on same pages . http://connectivitycheck.gstatic.com/generate_204 http://clients3.google.com/generate_204 http://172.217.20.206/generate_204 http://clients1.google.com/generate_204 http://google.com/generate_204 -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cache-poisoning-vulnerability-3-5-23-tp4683214.html Sent from the Squid - Development mailing list archive at Nabble.com. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev