7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.6%
From the Squid advisory:
Squid versions 2.5.STABLE4 and earlier contain a bug
in the “%xx” URL decoding function. It may insert a NUL
character into decoded URLs, which may allow users to bypass
url_regex ACLs.