QwikSec

Security Database

CVE

CWE

Training

CVE-2001-1030

Published: Jun 25, 2002

Modified: Aug 8, 2024

PUBLISHED

Description

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20010718 Squid httpd acceleration acl bug enables portscanning

mailing-list

x_refsource_BUGTRAQ

squid-http-accelerator-portscanning(6862)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_REDHAT

IMNX-2001-70-031-01

vendor-advisory

x_refsource_IMMUNIX

vendor-advisory

x_refsource_MANDRAKE

CSSA-2001-029.0

vendor-advisory

x_refsource_CALDERA

20010719 TSLSA-2001-0013 - Squid

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.