CVE-2002-0714 — Squid vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 61.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Debian Squid

Timeline

PublishedJul 26

Latest updateMay 3

Description

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/squid< squid 2.4.6 (bookworm)

▶Debiansquid/squid< 2.4.6+3

▶NVDsquid/squid2.4.stable6

Patches

Patch: rhn.redhat.com ↗Patch: www.linux-mandrake.com ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-pqhg-h683-23rw: FTP proxy in Squid before 2↗2022-05-03

▶

OSV

CVE-2002-0714: FTP proxy in Squid before 2↗2002-07-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-07-03

▶

Debian

CVE-2002-0714: squid - FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of contr...↗2002

▶

💬Community

Bugzilla

CVE-2002-0714 security flaw↗2018-08-16

▶