CVE-2004-0189
published 2004-03-15CVE-2004-0189: The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
13.81%
96.0th percentile
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 2.5.5-1 (bookworm) | squid 2.5.5-1 (bookworm) |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | — | — |
| squid | squid | >= 0 < 2.5.5-1 | 2.5.5-1 |
| squid | squid | >= 0 < 2.5.5-1 | 2.5.5-1 |
| squid | squid | >= 0 < 2.5.5-1 | 2.5.5-1 |
| squid | squid | >= 0 < 2.5.5-1 | 2.5.5-1 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wgp5-p97p-cph9: The "%xx" URL decoding function in Squid 2
ghsa_unreviewed·2022-05-03
CVE-2004-0189 [HIGH] GHSA-wgp5-p97p-cph9: The "%xx" URL decoding function in Squid 2
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
OSV
CVE-2004-0189: The "%xx" URL decoding function in Squid 2
osv·2004-03-15·CVSS 7.5
CVE-2004-0189 [HIGH] CVE-2004-0189: The "%xx" URL decoding function in Squid 2
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Red Hat
security flaw
vendor_redhat·2004-02-29·CVSS 7.5
CVE-2004-0189 [HIGH] security flaw
security flaw
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Debian
CVE-2004-0189: squid - The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote at...
vendor_debian·2004·CVSS 7.5
CVE-2004-0189 [HIGH] CVE-2004-0189: squid - The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote at...
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Scope: local
bookworm: resolved (fixed in 2.5.5-1)
bullseye: resolved (fixed in 2.5.5-1)
forky: resolved (fixed in 2.5.5-1)
sid: resolved (fixed in 2.5.5-1)
trixie: resolved (fixed in 2.5.5-1)
No detection rules found.
CWE
Improper Handling of URL Encoding (Hex Encoding)
mitre_cwe·CVSS 7.5
[HIGH] CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-177: Improper Handling of URL Encoding (Hex Encoding)
The product does not properly handle when all or part of an input has been URL encoded.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
[Architecture and Design] Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including le
CWE
Improper Neutralization of Null Byte or NUL Character
mitre_cwe
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-158: Improper Neutralization of Null Byte or NUL Character
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.
As data is parsed, an injected NUL character or null byte may cause the product to believe the input is terminated earlier than it actually is, or otherwise cause the input to be misinterpreted. This could then be used to inject potentially dangerous input that occurs after the null byte or otherwise bypass validation routines and other protection mechanisms.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that null characters or
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txtftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.aschttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838http://marc.info/?l=bugtraq&m=108084935904110&w=2http://security.gentoo.org/glsa/glsa-200403-11.xmlhttp://www.debian.org/security/2004/dsa-474http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025http://www.osvdb.org/5916http://www.redhat.com/support/errata/RHSA-2004-133.htmlhttp://www.redhat.com/support/errata/RHSA-2004-134.htmlhttp://www.securityfocus.com/bid/9778http://www.squid-cache.org/Advisories/SQUID-2004_1.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/15366https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txtftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.aschttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838http://marc.info/?l=bugtraq&m=108084935904110&w=2http://security.gentoo.org/glsa/glsa-200403-11.xmlhttp://www.debian.org/security/2004/dsa-474http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025http://www.osvdb.org/5916http://www.redhat.com/support/errata/RHSA-2004-133.htmlhttp://www.redhat.com/support/errata/RHSA-2004-134.htmlhttp://www.securityfocus.com/bid/9778http://www.squid-cache.org/Advisories/SQUID-2004_1.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/15366https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941
2004-03-15
Published