Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0189Improper Handling of URL Encoding (Hex Encoding) in Squid

CWE-177Improper Handling of URL Encoding (Hex Encoding)CWE-158Improper Neutralization of Null Byte or NUL Character9 documents8 sources
Severity
7.5HIGHNVD
EPSS
2.5%
top 14.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SquidDebian Squid
Timeline
PublishedMar 15
Latest updateMay 3

Description

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/squid< squid 2.5.5-1 (bookworm)
Debiansquid/squid< 2.5.5-1+3
NVDsquid/squid7 versions+6

Patches

Patch: www.securityfocus.comPatch: www.squid-cache.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-wgp5-p97p-cph9: The "%xx" URL decoding function in Squid 22022-05-03
OSV
CVE-2004-0189: The "%xx" URL decoding function in Squid 22004-03-15

💥Exploits & PoCs

1
Exploit-DB
Squid Proxy 2.4/2.5 - NULL URL Character Unauthorized Access2004-03-01

📋Vendor Advisories

2
Red Hat
security flaw2004-02-29
Debian
CVE-2004-0189: squid - The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote at...2004

📐Framework References

2
CWE
Improper Handling of URL Encoding (Hex Encoding)
CWE
Improper Neutralization of Null Byte or NUL Character

💬Community

1
Bugzilla
CVE-2004-0189 security flaw2018-08-16