Squid Web Proxy Cache URL security bypass
| squid-url-bypass-security (16153) |  Medium Risk |
Description:
Squid Web Proxy Cache could allow a remote attacker to bypass security. A remote attacker could send a specially-crafted URL request to bypass access controls and access arbitrary Web sites.
Consequences:
Bypass Security
Remedy:
No remedy available as of May 1, 2013.
References:
- BugTraq Mailing List, Mon May 10 2004 - 16:16:30 CDT: a litle bypass with IE.
- Squid Web Proxy Cache Web site: Squid Web Proxy Cache.
- BID-10315: National Science Foundation Squid Proxy Internet Access Control Bypass Vulnerability
- CVE-2004-2480: Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via @@ sequences in a URL within Internet Explorer.
- OSVDB ID: 19173: Squid Web Proxy Cache @@ Security Control Bypass
Platforms Affected:
- Squid-Cache Squid 2.3 STABLE5
Reported:
May 10, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this