Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-06T05:00:00
Updated: 2024-08-07T21:05:24.953Z
Reserved: 2005-01-31T00:00:00
Link: CVE-2005-0194
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-05-02T04:00:00.000
Modified: 2024-11-20T23:54:36.480
Link: CVE-2005-0194
Redhat
No data.