Lucene search

[email protected]NVD:CVE-2005-0194

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0194

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Affected configurations

Nvd

Node

squidsquidMatch2.0.patch1

squidsquidMatch2.0.patch2

squidsquidMatch2.0.pre1

squidsquidMatch2.0.release

squidsquidMatch2.1.patch1

squidsquidMatch2.1.patch2

squidsquidMatch2.1.pre1

squidsquidMatch2.1.pre3

squidsquidMatch2.1.pre4

squidsquidMatch2.1.release

squidsquidMatch2.2.devel3

squidsquidMatch2.2.devel4

squidsquidMatch2.2.pre1

squidsquidMatch2.2.pre2

squidsquidMatch2.2.stable1

squidsquidMatch2.2.stable2

squidsquidMatch2.2.stable3

squidsquidMatch2.2.stable4

squidsquidMatch2.2.stable5

squidsquidMatch2.3.devel2

squidsquidMatch2.3.devel3

squidsquidMatch2.3.stable1

squidsquidMatch2.3.stable2

squidsquidMatch2.3.stable3

squidsquidMatch2.3.stable4

squidsquidMatch2.3.stable5

squidsquidMatch2.4.stable1

squidsquidMatch2.4.stable2

squidsquidMatch2.4.stable3

squidsquidMatch2.4.stable4

squidsquidMatch2.4.stable6

squidsquidMatch2.4.stable7

squidsquidMatch2.5.stable1

squidsquidMatch2.5.stable2

squidsquidMatch2.5.stable3

squidsquidMatch2.5.stable4

squidsquidMatch2.5.stable5

squidsquidMatch2.5.stable6

VendorProductVersionCPE
squidsquid2.0.patch1cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
squidsquid2.0.patch2cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
squidsquid2.0.pre1cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
squidsquid2.0.releasecpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
squidsquid2.1.patch1cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
squidsquid2.1.patch2cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
squidsquid2.1.pre1cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
squidsquid2.1.pre3cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
squidsquid2.1.pre4cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
squidsquid2.1.releasecpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squid	squid	2.0.patch1	cpe:2.3:a:squid:squid:2.0.patch1:::::::*
squid	squid	2.0.patch2	cpe:2.3:a:squid:squid:2.0.patch2:::::::*
squid	squid	2.0.pre1	cpe:2.3:a:squid:squid:2.0.pre1:::::::*
squid	squid	2.0.release	cpe:2.3:a:squid:squid:2.0.release:::::::*
squid	squid	2.1.patch1	cpe:2.3:a:squid:squid:2.1.patch1:::::::*
squid	squid	2.1.patch2	cpe:2.3:a:squid:squid:2.1.patch2:::::::*
squid	squid	2.1.pre1	cpe:2.3:a:squid:squid:2.1.pre1:::::::*
squid	squid	2.1.pre3	cpe:2.3:a:squid:squid:2.1.pre3:::::::*
squid	squid	2.1.pre4	cpe:2.3:a:squid:squid:2.1.pre4:::::::*
squid	squid	2.1.release	cpe:2.3:a:squid:squid:2.1.release:::::::*