Squid · Squid · CVE-2021-41611
**Name of the Vulnerable Software and Affected Versions**
Squid versions 5.0.6 through 5.1.x
**Description**
An issue was discovered in Squid: when validating an origin server or peer certificate, it may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly, and this indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. The vulnerability is related to errors in certificate authentication and can be exploited by a remote attacker to perform a man-in-the-middle attack.
**Recommendations**
For Squid versions 5.0.6 through 5.1.x, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of certificate validation until a patch is available. Avoid using the vulnerable certificate validation mechanism in Squid until the issue is resolved.
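
To check a host against the affected range above, the following added example (not part of the original advisory or of the Squid project) classifies a version string as inside or outside 5.0.6 through 5.1.x. The function names and status words are assumptions made for this example, and the sample banner is constructed in the `Squid Cache: Version X.Y` form that `squid -v` prints.

```shell
#!/bin/sh
# Added example: compare a Squid version with the range this advisory lists
# (affected: 5.0.6 through 5.1.x; fixed: 5.2 or later).

# Pull the version out of `squid -v` output ("Squid Cache: Version X.Y[.Z]").
squid_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Squid Cache: Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print "affected", "not-affected" or "unknown" for a version string.
# "not-affected" only means "outside the range named in this advisory".
squid_cve_2021_41611_status() {
    ver=${1%%[!0-9.]*}              # drop suffixes such as "-20210502-r1"
    case $ver in
        ''|*..*|.*|*.) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ne 5 ]; then
        echo not-affected
    elif [ "$minor" -eq 0 ] && [ "$patch" -ge 6 ]; then
        echo affected               # 5.0.6 and later 5.0.x releases
    elif [ "$minor" -eq 1 ]; then
        echo affected               # every 5.1.x release
    else
        echo not-affected           # 5.0.0-5.0.5, 5.2 and later
    fi
}

# Constructed sample banner, used so the example runs without Squid installed.
sample_banner='Squid Cache: Version 5.1
Service Name: squid'
sample_version=$(squid_version_from_banner "$sample_banner")
echo "$sample_version: $(squid_cve_2021_41611_status "$sample_version")"
```

On a real host, pass the output of `squid -v` to `squid_version_from_banner` in place of the sample banner.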