Explore top 10 tips to secure your open-source projects now. Read More
×Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker to bypass Access Control Lists by sending a specially-crafted URL request containing '%00': in such circu...
Title: Squid ACL [url_regex] bypass vulnerability
Date: March 30, 2004
Bugs: #45273
ID: 200403-11
=======
Squid versions 2.0 through to 2.5.STABLE4 could allow a remote attacker
to bypass Access Control Lists by sending a specially-crafted URL
request containing '%00': in such circumstances; the url_regex ACL may
not properly detect the malicious URL, allowing the attacker to
effectively bypass the ACL.
Background
=========
Squid is a fully-featured Web Proxy Cache designed to run on Unix
systems that supports proxying and caching of HTTP, FTP, and other
URLs, as well as SSL support, cache hierarchies, transparent caching,
access control lists and many other features.
Affected packages
================
------------------------------------------------------------------- Package / Vulnerable / Unaffected
-------------------------------------------------...
style>.gentoo_availability{display:block;}
Get the latest Linux and open source security news straight to your inbox.