cbcvebase.
CVE-2005-0173
published 2005-05-02

CVE-2005-0173: squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at…

PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
31.94%
98.1th percentile
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Affected

43 ranges· showing 25
VendorProductVersion rangeFixed in
debiansquid< squid 2.5.7-4 (bookworm)squid 2.5.7-4 (bookworm)
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid
squidsquid

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.