Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2480 — Squid vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

2.0%

top 16.31%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Squid Debian Squid National Science Foundation Squid WEB Proxy Cache

Timeline

PublishedDec 31

Latest updateApr 29

Description

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDnational_science_foundation/squid_web_proxy_cache2.3_stable5

▶debiandebian/squid< squid 2.5 (bookworm)

▶Debiansquid/squid< 2.5+3

🔴Vulnerability Details

GHSA

GHSA-3pq4-c488-v2m4: Squid Web Proxy Cache 2↗2022-04-29

▶

OSV

CVE-2004-2480: Squid Web Proxy Cache 2↗2004-12-31

▶

💥Exploits & PoCs

Exploit-DB

National Science Foundation Squid Proxy 2.3 - Internet Access Control Bypass↗2004-05-10

▶

📋Vendor Advisories

Debian

CVE-2004-2480: squid - Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security con...↗2004

▶