Vulnerability Name:

CVE-2004-0189 (CCN-15366)

Assigned:2004-02-29
Published:2004-02-29
Updated:2017-10-10
Summary:The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: SCO
Type: UNKNOWN
SCOSA-2005.16

Source: SGI
Type: UNKNOWN
20040404-01-U

Source: MITRE
Type: CNA
CVE-2004-0189

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:838

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:838
ACL bypass vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)

Source: CCN
Type: RHSA-2004-133
squid security update

Source: CCN
Type: RHSA-2004-134
Updated squid package fixes security vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-200403-11

Source: CCN
Type: CIAC Information Bulletin O-108
Squid ACL Bypass Vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-474

Source: DEBIAN
Type: DSA-474
squid -- ACL bypass

Source: CCN
Type: GLSA-200403-11
Squid ACL [url_regex] bypass vulnerability

Source: CCN
Type: SCO Security Advisory SCOSA-2004.13
squid %-encoded characters in a URL

Source: CCN
Type: SCO Security Advisory SCOSA-2005.16
UnixWare 7.1.4 : squid updated package fixes several security issues

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:025

Source: CCN
Type: OpenPKG-SA-2004.008
Squid

Source: OSVDB
Type: UNKNOWN
5916

Source: CCN
Type: OSVDB ID: 5916
Squid Proxy %xx URL Encoding ACL Bypass

Source: REDHAT
Type: UNKNOWN
RHSA-2004:133

Source: REDHAT
Type: UNKNOWN
RHSA-2004:134

Source: BID
Type: Exploit, Patch, Vendor Advisory
9778

Source: CCN
Type: BID-9778
Squid Proxy NULL URL Character Unauthorized Access Vulnerability

Source: CCN
Type: Squid Web site
Squid Web Proxy Cache

Source: CCN
Type: Squid Proxy Cache Security Update Advisory SQUID-2004:1
Squid-2.5.STABLE5 fixes and features for URL encoding tricks.

Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt

Source: CCN
Type: TLSA-2004-24
Vulnerability allowing bypassing of access control lists

Source: XF
Type: UNKNOWN
squid-urlregex-acl-bypass(15366)

Source: XF
Type: UNKNOWN
squid-urlregex-acl-bypass(15366)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:877

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:941

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.3_stable5:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.4_stable7:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5_stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid:squid:2.5_stable4:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*
  • OR cpe:/a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:11354
    V
    		The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
    2013-04-29
    oval:org.mitre.oval:def:877
    V
    		Red Hat Squid ACL Bypass Vulnerability
    2010-09-20
    oval:org.mitre.oval:def:941
    V
    		Red Hat Enterprise 3 Squid ACL Bypass Vulnerability
    2010-09-20
    oval:com.redhat.rhsa:def:20040133
    P
    		RHSA-2004:133: squid security update (Low)
    2004-04-14
    oval:org.debian:def:474
    V
    		ACL bypass
    2004-04-03
    BACK
    squid squid 2.0_patch2
    squid squid 2.1_patch2
    squid squid 2.3_stable5
    squid squid 2.4
    squid squid 2.4_stable7
    squid squid 2.5_stable3
    squid squid 2.5_stable4
    squid-cache squid 2.4
    squid-cache squid 2.4.stable2
    squid-cache squid 2.4.stable6
    squid-cache squid 2.5.stable4
    squid-cache squid 2.5.stable3
    squid-cache squid 2.5.stable1
    squid-cache squid 2.4.stable7
    conectiva linux 8.0
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    conectiva linux 9.0
    openpkg openpkg 1.3
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    openpkg openpkg 2.0
    mandrakesoft mandrake linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1