Back to search
CVE-2005-0194
Published: Feb 6, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
CLA-2005:923
vendor-advisory
x_refsource_CONECTIVA
20050221 [USN-84-1] Squid vulnerabilities
mailing-list
x_refsource_BUGTRAQ
FLSA-2006:152809
vendor-advisory
x_refsource_FEDORA
http://www.squid-cache.org/bugs/show_bug.cgi?id=1166
x_refsource_CONFIRM
DSA-667
vendor-advisory
x_refsource_DEBIAN
VU#260421
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now