Detections
Analytics

Squid %xx URL Encoding ACL Bypass

high Nessus Plugin ID 12124

Language:

Synopsis

The remote service is vulnerable to an authentication bypass.

Description

The remote squid caching proxy, according to its version number, is vulnerable to a flaw that could allow an attacker to gain access to unauthorized resources.

The flaw itself consists of sending a malformed username containing the %00 (null) character, which could allow an attacker to access otherwise restricted resources.

Solution

Upgrade to squid 2.5.STABLE6 or newer

See Also

http://www.squid-cache.org/Advisories/SQUID-2004_1.txt

Plugin Details

Severity: High

ID: 12124

File Name: squid_null_url_auth_bypass.nasl

Version: 1.23

Type: remote

Family: Firewalls

Published: 4/4/2004

Updated: 7/30/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Required KB Items: Settings/ParanoidReport, www/squid

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/29/2004

Reference Information

CVE: CVE-2004-0189

BID: 9778