
Konata

#40150 of 53,624
6.8 Total CVSS
Vulnerabilities · 1
PT-2022-6123
6.8
2022-09-18
Squid · Squid · CVE-2022-41317
**Name of the Vulnerable Software and Affected Versions**

Squid versions 4.9 through 4.17
Squid versions 5.0.6 through 5.6

**Description**

An issue was discovered due to inconsistent handling of internal URIs, which can lead to Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This may allow a remote attacker to bypass ACL protection and access cache manager information, including network structure, client credentials, client identifier, and client traffic behavior.

**Recommendations**

For Squid versions 4.9 through 4.17, update to a version newer than 5.7 to resolve the issue.

For Squid versions 5.0.6 through 5.6, update to version 5.7 or newer to resolve the issue.

As a temporary workaround, consider restricting access to the internal cache manager URL to minimize the risk of exploitation.