Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 - Patch | |
References | () http://fedoranews.org/updates/FEDORA--.shtml - | |
References | () http://marc.info/?l=bugtraq&m=110901183320453&w=2 - | |
References | () http://www.debian.org/security/2005/dsa-667 - Patch, Vendor Advisory | |
References | () http://www.kb.cert.org/vuls/id/260421 - Patch, Third Party Advisory, US Government Resource | |
References | () http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls - Patch | |
References | () http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch - Patch | |
References | () http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 - Vendor Advisory |
Information
Published : 2005-05-02 04:00
Updated : 2024-11-20 23:54
NVD link : CVE-2005-0194
Mitre link : CVE-2005-0194
CVE.ORG link : CVE-2005-0194
JSON object : View
Products Affected
squid
- squid
CWE