Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.SQUID_NULL_URL_AUTH_BYPASS.NASL
HistoryApr 04, 2004 - 12:00 a.m.

Squid %xx URL Encoding ACL Bypass

2004-04-0400:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
19

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.6%

JSON

The remote squid caching proxy, according to its version number, is vulnerable to a flaw that could allow an attacker to gain access to unauthorized resources.

The flaw itself consists of sending a malformed username containing the %00 (null) character, which could allow an attacker to access otherwise restricted resources.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12124);
  script_version("1.23");
  script_cvs_date("Date: 2018/07/30 15:31:32");

  script_cve_id("CVE-2004-0189");
  script_bugtraq_id(9778);

  script_name(english:"Squid %xx URL Encoding ACL Bypass");
  script_summary(english:"Determines squid version");

  script_set_attribute(attribute:'synopsis', value:"The remote service is vulnerable to an authentication bypass.");
  script_set_attribute(attribute:'description', value:
"The remote squid caching proxy, according to its version number, is
vulnerable to a flaw that could allow an attacker to gain access to
unauthorized resources.

The flaw itself consists of sending a malformed username containing
the %00 (null) character, which could allow an attacker to access
otherwise restricted resources.");
  script_set_attribute(attribute:'see_also', value:"http://www.squid-cache.org/Advisories/SQUID-2004_1.txt");
  script_set_attribute(attribute:'solution', value:"Upgrade to squid 2.5.STABLE6 or newer");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/02/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/04/04");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"Firewalls");

  script_dependencie("squid_version.nasl");
  script_require_keys("www/squid", "Settings/ParanoidReport");
  script_require_ports("Services/http_proxy",3128, 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Build a list of ports from the
list = get_kb_list("http_proxy/*/squid/version");
if (isnull(list)) exit(0, "The host does not appear to be running a Squid proxy server.");

vulnerable = FALSE;
foreach item (keys(list))
{
  port = ereg_replace(pattern:'^http_proxy/([0-9]+)/squid/version', replace:'\\1', string:item);
  version = list[item];
  source = get_kb_item('http_proxy/'+port+'/squid/source');

  if (
    version =~ '^2\\.[0-4]\\.' ||
    version =~ '^2\\.5\\.STABLE[0-4]([^0-9]|$)'
  )
  {
    vulnerable = TRUE;
    if (report_verbosity > 0)
    {
      report =
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 2.5.STABLE5' + '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port:port);
  }
}
if (!vulnerable)
{
  exit(0, "No vulnerable Squid installs were detected on the remote host.");
}
VendorProductVersionCPE
squid-cachesquidcpe:/a:squid-cache:squid

Related

nessus 7
gentoo 1
osv 1
openvas 6
nvd 1
freebsd 1
securityvulns 1
cve 1
debiancve 1
redhat 1
cvelist 1
debian 1
nessus
nessus
RHEL 2.1 / 3 : squid (RHSA-2004:133)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : squid (MDKSA-2004:025)
2004-07-31 00:00:00
Debian DSA-474-1 : squid - ACL bypass
2004-09-29 00:00:00
gentoo
gentoo
Squid ACL [url_regex] bypass vulnerability
2004-03-30 00:00:00
osv
osv
squid - ACL bypass
2004-04-03 00:00:00
openvas
openvas
Debian Security Advisory DSA 474-1 (squid)
2008-01-17 00:00:00
FreeBSD Ports: squid
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200403-11 (Squid)
2008-09-24 00:00:00
nvd
nvd
CVE-2004-0189
2004-03-15 05:00:00
freebsd
freebsd
squid ACL bypass due to URL decoding bug
2004-02-29 00:00:00
securityvulns
securityvulns
MDKSA-2004:025 - Updated squid packages fix vulnerability
2004-04-01 00:00:00
cve
cve
CVE-2004-0189
2004-09-01 04:00:00
debiancve
debiancve
CVE-2004-0189
2004-09-01 04:00:00
redhat
redhat
(RHSA-2004:133) squid security update
2004-04-14 00:00:00
cvelist
cvelist
CVE-2004-0189
2004-09-01 04:00:00
debian
debian
[SECURITY] [DSA 474-1] New squid packages fix ACL bypass
2004-04-04 06:09:37

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for SQUID_NULL_URL_AUTH_BYPASS.NASL
nessus7gentoo1osv1openvas6nvd1freebsd1securityvulns1cve1debiancve1redhat1cvelist1debian1