| Revision Date: | 2013-04-29 | Version: | 12 |
| Title: | The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. |
| Description: | The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2004-0189
|
| Platform(s): | CentOS Linux 3
Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND squid is earlier than 7:2.5.STABLE3-5.3E
|