SecuritySpace - CVE-2004-0189

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

CVE ID:	CVE-2004-0189
Description:	The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Test IDs:	1.3.6.1.4.1.25623.1.0.51028 1.3.6.1.4.1.25623.1.0.53172 1.3.6.1.4.1.25623.1.0.50664 1.3.6.1.4.1.25623.1.0.50307 1.3.6.1.4.1.25623.1.0.12124 1.3.6.1.4.1.25623.1.0.52897 1.3.6.1.4.1.25623.1.0.52488 1.3.6.1.4.1.25623.1.0.51341 1.3.6.1.4.1.25623.1.0.54536
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0189 Conectiva Linux advisory: CLA-2004:838 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Debian Security Information: DSA-474 (Google Search) http://www.debian.org/security/2004/dsa-474 http://security.gentoo.org/glsa/glsa-200403-11.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 RedHat Security Advisories: RHSA-2004:133 http://www.redhat.com/support/errata/RHSA-2004-133.html RedHat Security Advisories: RHSA-2004:134 http://www.redhat.com/support/errata/RHSA-2004-134.html SCO Security Bulletin: SCOSA-2005.16 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2 BugTraq ID: 9778 http://www.securityfocus.com/bid/9778 XForce ISS Database: squid-urlregex-acl-bypass(15366) http://xforce.iss.net/xforce/xfdb/15366 http://www.osvdb.org/5916 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:877 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:941