Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDA30E5E44-5440-11D9-9E1E-C296AC722CB3
HistoryDec 21, 2004 - 12:00 a.m.

squid -- confusing results on empty acl declarations

2004-12-2100:00:00
vuxml.freebsd.org
13

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.7%

JSON

Applying an empty ACL list results in unexpected behavior:
anything will match an empty ACL list. For example,

The meaning of the configuration gets very confusing when
we encounter empty ACLs such as
acl something src “/path/to/empty_file.txt”
http_access allow something somewhere
gets parsed (with warnings) as
http_access allow somewhere
And similarily if you are using proxy_auth acls without
having any auth schemes defined.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsquid< 2.5.7_5UNKNOWN

Related

openvas 7
nessus 5
debiancve 1
ubuntucve 1
cve 1
cert 1
ubuntu 1
debian 2
osv 1
gentoo 1
openvas
openvas
FreeBSD Ports: squid
2008-09-04 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
Ubuntu: Security Advisory (USN-84-1)
2022-08-26 00:00:00
nessus
nessus
FreeBSD : squid -- confusing results on empty acl declarations (a30e5e44-5440-11d9-9e1e-c296ac722cb3)
2005-07-13 00:00:00
Ubuntu 4.10 : squid vulnerabilities (USN-84-1)
2006-01-15 00:00:00
Mandrake Linux Security Advisory : squid (MDKSA-2005:078)
2005-05-02 00:00:00
debiancve
debiancve
CVE-2005-0194
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0194
2005-05-02 00:00:00
cve
cve
CVE-2005-0194
2005-05-02 04:00:00
cert
cert
Squid fails to parse empty access control lists correctly
2005-02-21 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2005-02-21 00:00:00
debian
debian
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
2005-02-04 16:35:59
osv
osv
squid - several
2005-02-04 00:00:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2005-01-16 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.7%

JSON
Related for A30E5E44-5440-11D9-9E1E-C296AC722CB3
openvas7nessus5debiancve1ubuntucve1cve1cert1ubuntu1debian2osv1gentoo1