CVE-2004-2479 — Squid vulnerability

7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Debian Squid National Science Foundation Squid WEB Proxy Cache

Timeline

PublishedDec 31

Latest updateApr 29

Description

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDnational_science_foundation/squid_web_proxy_cache7 versions+6

▶debiandebian/squid< squid 2.5.8 (bookworm)

▶Debiansquid/squid< 2.5.8+3

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wf7x-gjvh-m5r3: Squid Web Proxy Cache 2↗2022-04-29

▶

OSV

CVE-2004-2479: Squid Web Proxy Cache 2↗2004-12-31

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-11-23

▶

Debian

CVE-2004-2479: squid - Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive infor...↗2004

▶

💬Community

Bugzilla

CVE-2004-2479 security flaw↗2018-08-16

▶

Bugzilla

Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345↗2004-10-11

▶