
Gentoo: GLSA-200403-11 Normal: Squid URL Access Control Bypass

March 31, 2004

Summary

Title: Squid ACL [url_regex] bypass vulnerability
Date: March 30, 2004
Bugs: #45273
ID: 200403-11

=======

Squid versions 2.0 through 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially crafted URL request containing '%00'. In such circumstances, the url_regex ACL may not properly detect the malicious URL, allowing the attacker to effectively bypass the ACL.

Background
=========

Squid is a fully-featured Web Proxy Cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL, cache hierarchies, transparent caching, access control lists and many other features.

Affected packages
================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------...
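The following added example (not code from the advisory or from Squid) shows why a decoded '%00' matters to a pattern-based ACL: a C-string regex matcher stops at the first NUL byte, so it never examines the rest of the decoded URL, and a decoder that refuses encoded NUL closes that gap. The function names `url_decode` and `acl_matches`, the POSIX `regexec()` stand-in for url_regex, and the `example.test` URL are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

static int hexval(unsigned char c) {
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Illustrative decoder (not Squid's code): decodes %xx escapes in place.
 * Returns the decoded length, or -1 when reject_nul is set and an escape
 * decodes to a NUL byte (%00), so the caller can refuse the request. */
int url_decode(char *s, int reject_nul) {
    char *out = s;
    for (const char *in = s; *in; ) {
        int hi, lo;
        if (*in == '%' && (hi = hexval((unsigned char)in[1])) >= 0
                       && (lo = hexval((unsigned char)in[2])) >= 0) {
            if (reject_nul && hi == 0 && lo == 0) return -1;
            *out++ = (char)(hi * 16 + lo);
            in += 3;
        } else {
            *out++ = *in++;
        }
    }
    *out = '\0';
    return (int)(out - s);
}

/* Stand-in for a url_regex ACL: POSIX regexec() reads a C string, so it
 * only examines bytes before the first NUL. Returns 1 on match. */
int acl_matches(const char *url, const char *pattern) {
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return -1;
    int hit = regexec(&re, url, 0, NULL, 0) == 0;
    regfree(&re);
    return hit;
}

int main(void) {
    char url[] = "http://example.test/ok%00/blocked/page"; /* constructed */
    int len = url_decode(url, 0);
    printf("decoded %d bytes, matcher sees %zu, deny rule hit: %d\n",
           len, strlen(url), acl_matches(url, "blocked"));
    char again[] = "http://example.test/ok%00/blocked/page"; /* constructed */
    printf("strict decode: %d\n", url_decode(again, 1));
    return 0;
}
```

A mismatch between the decoded length and `strlen()` of the decoded buffer is also a useful detection signal when reviewing proxy logs or request-handling code.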
