Lucene search
GoogleOSV:DSA-474HistoryApr 03, 2004 - 12:00 a.m.
squid - ACL bypass
2004-04-0300:00:00
Google
osv.dev
8
0.027 Low
EPSS
Percentile
90.6%
A vulnerability was discovered in squid, an Internet object cache,
whereby access control lists based on URLs could be bypassed
(CAN-2004-0189). Two other bugs were also fixed with patches
squid-2.4.STABLE7-url_escape.patch (a buffer overrun which does not
appear to be exploitable) and squid-2.4.STABLE7-url_port.patch (a
potential denial of service).
For the stable distribution (woody) these problems have been fixed in
version 2.4.6-2woody2.
For the unstable distribution (sid) these problems have been fixed in
version 2.5.5-1.
We recommend that you update your squid package.
References
Related
freebsd
freebsd
squid ACL bypass due to URL decoding bug
2004-02-29 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : squid (MDKSA-2004:025)
2004-07-31 00:00:00
FreeBSD : squid ACL bypass due to URL decoding bug (705e003a-7f36-11d8-9645-0020ed76ef5a)
2009-04-23 00:00:00
FreeBSD : squid ACL bypass due to URL decoding bug (182)
2004-07-06 00:00:00
openvas
openvas
FreeBSD Ports: squid
2008-09-04 00:00:00
Debian Security Advisory DSA 474-1 (squid)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200403-11 (Squid)
2008-09-24 00:00:00
securityvulns
securityvulns
MDKSA-2004:025 - Updated squid packages fix vulnerability
2004-04-01 00:00:00
cve
cve
CVE-2004-0189
2004-09-01 04:00:00
debiancve
debiancve
CVE-2004-0189
2004-09-01 04:00:00
gentoo
gentoo
Squid ACL [url_regex] bypass vulnerability
2004-03-30 00:00:00
nvd
nvd
CVE-2004-0189
2004-03-15 05:00:00
redhat
redhat
(RHSA-2004:133) squid security update
2004-04-14 00:00:00
debian
debian
[SECURITY] [DSA 474-1] New squid packages fix ACL bypass
2004-04-04 06:09:37
cvelist
cvelist
CVE-2004-0189
2004-09-01 04:00:00