
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2004:133

The remote host is missing updates announced in
advisory RHSA-2004:133.

Squid is a full-featured Web proxy cache.

A bug was found in the processing of %-encoded characters in a URL in
versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses
Access Control Lists (ACLs), a remote attacker could create URLs that would
not be correctly tested against Squid's ACLs, potentially allowing clients
to access prohibited URLs.

Users of Squid should update to these erratum packages, which are not
vulnerable to this issue.

In addition, these packages contain a new Access Control type, urllogin,
which can be used to protect vulnerable Microsoft Internet Explorer clients
from accessing URLs that contain login information. Such URLs are often
used by fraudsters to trick web users into revealing valuable personal data.

Note that the default Squid configuration does not make use of this new
access control type. You must explicitly configure Squid with ACLs that
use this new type, in accordance with your own site policies.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref:
BugTraq ID: 9778
Common Vulnerabilities and Exposures (CVE) ID: CVE-2004-0189
Bugtraq: 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
Conectiva Linux advisory: CLA-2004:838
Debian Security Information: DSA-474
SCO Security Bulletin: SCOSA-2005.16
SGI Security Advisory: 20040404-01-U
XForce ISS Database: squid-urlregex-acl-bypass(15366)

Copyright: Copyright (c) 2005 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.