The results of an independent security audit of the open-source Squid caching proxy server, carried out in 2021, have been published. The review of the project's code base found 55 vulnerabilities, 35 of which have not yet been fixed by the developers (0-day issues). The Squid developers were notified of the issues two and a half years ago, but did not finish fixing them. In the end, the author of the audit decided to disclose the information before all of the issues were fixed, after notifying the Squid developers in advance.
Among the vulnerabilities identified:
- A stack overflow in the Digest Authentication implementation, triggered when processing an HTTP Proxy-Authorization header with an overly large "Digest nc" field value.
- Use-after-free memory access in the handler for requests that use the TRACE method.
- A use-after-free vulnerability in HTTP requests with the Range header (CVE-2021-31807).
- A stack overflow when processing the HTTP X-Forwarded-For header.
- A stack overflow when processing chunked requests.
- Use-after-free memory access in the CacheManager web interface.
- An integer overflow in the HTTP Range header handler (CVE-2021-31808).
- A use-after-free and a buffer overflow in the ESI (Edge Side Includes) expression handler.
- Numerous memory leaks, out-of-bounds reads, and crash issues.
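For the first item in the list, RFC 2617 defines the Digest `nc` value as exactly eight hex digits, so an oversized value can be rejected by length before anything is copied or converted. The following is an added example of such a check, not code from Squid or from the audit; `digest_nc_check` and its return codes are hypothetical names, and the header value in `main` is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#define NC_DIGITS 8 /* RFC 2617: nc-value = 8LHEX */
static int ieq(const char *a, const char *b, size_t n) { /* ASCII case-insensitive */
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Hypothetical helper, not a Squid function. Returns 0 and stores the count when
 * nc is well formed, -1 when there is no Digest nc, -2 when nc is malformed or
 * oversized. The value is measured in place and never copied to a buffer. */
int digest_nc_check(const char *value, uint32_t *out) {
    if (!ieq(value, "digest", 6) || !isspace((unsigned char)value[6])) return -1;
    const char *p = value + 6;
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        const char *name = p;
        while (*p && *p != '=' && *p != ',') p++;
        size_t name_len = (size_t)(p - name);
        if (*p != '=') continue;          /* bare token without a value */
        const char *val = ++p;
        if (*p == '"') {                  /* quoted-string with backslash escapes */
            val = ++p;
            while (*p && *p != '"') { if (*p == '\\' && p[1]) p++; p++; }
        } else {
            while (*p && *p != ',' && !isspace((unsigned char)*p)) p++;
        }
        size_t val_len = (size_t)(p - val);
        if (*p == '"') p++;
        if (name_len != 2 || !ieq(name, "nc", 2)) continue;
        if (val_len != NC_DIGITS) return -2;  /* length checked before any parsing */
        uint32_t n = 0;
        for (size_t i = 0; i < NC_DIGITS; i++) {
            int c = tolower((unsigned char)val[i]);
            if (!isxdigit(c)) return -2;
            n = (n << 4) | (uint32_t)(c <= '9' ? c - '0' : c - 'a' + 10);
        }
        *out = n; return 0;
    }
    return -1;
}

int main(void) { /* constructed sample header value */
    uint32_t n = 0;
    int rc = digest_nc_check("Digest username=\"u\", qop=auth, nc=0000000a", &n);
    return printf("rc=%d nc=%u\n", rc, (unsigned)n) < 0;
}
```

A front end placed before the proxy can drop any request for which the check returns -2; the check accepts upper-case hex digits as well, which is looser than the RFC grammar.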
Source: opennet.ru
