CVE-2005-0194

6 documents6 sources

Severity

10.0CRITICAL

EPSS

0.7%

top 28.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid

Timeline

PublishedMay 2

Latest updateMay 1

Description

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debiansquid< 2.5.7-7+3

▶NVDsquid/squid38 versions+37

Patches

Patch: distro.conectiva.com.br ↗Patch: www.debian.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-3vc4-p4vg-f376: Squid 2↗2022-05-01

▶

OSV

CVE-2005-0194: Squid 2↗2005-05-02

▶

CVEList

CVE-2005-0194: Squid 2↗2005-02-06

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2005-02-21

▶

Debian

CVE-2005-0194: squid - Squid 2.5, when processing the configuration file, parses empty Access Control L...↗2005

▶