Oval Definition:oval:org.mitre.oval:def:877
Revision Date:2010-09-20Version:22
Title:Red Hat Squid ACL Bypass Vulnerability
Description:The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0189
Platform(s):Red Hat Linux 9
Product(s):
Definition Synopsis
  • Software section
  • Red Hat 9 is installed
  • AND ix86 architecture
  • AND squid version is less than 2.5STABLE1-3.9
  • AND Configuration section
  • squid is listening on the network
    • BACK