CVE-2005-0194

NONE EPSS 91.4%
Published May 2, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Threat Intelligence

EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 38

Vendor  Product  Version       Range
squid   squid    2.0.patch1    any
squid   squid    2.0.patch2    any
squid   squid    2.0.pre1      any
squid   squid    2.0.release   any
squid   squid    2.1.patch1    any
squid   squid    2.1.patch2    any
squid   squid    2.1.pre1      any
squid   squid    2.1.pre3      any
squid   squid    2.1.pre4      any
squid   squid    2.1.release   any
squid   squid    2.2.devel3    any
squid   squid    2.2.devel4    any
squid   squid    2.2.pre1      any
squid   squid    2.2.pre2      any
squid   squid    2.2.stable1   any
squid   squid    2.2.stable2   any
squid   squid    2.2.stable3   any
squid   squid    2.2.stable4   any
squid   squid    2.2.stable5   any
squid   squid    2.3.devel2    any
squid   squid    2.3.devel3    any
squid   squid    2.3.stable1   any
squid   squid    2.3.stable2   any
squid   squid    2.3.stable3   any
squid   squid    2.3.stable4   any
squid   squid    2.3.stable5   any
squid   squid    2.4.stable1   any
squid   squid    2.4.stable2   any
squid   squid    2.4.stable3   any
squid   squid    2.4.stable4   any
squid   squid    2.4.stable6   any
squid   squid    2.4.stable7   any
squid   squid    2.5.stable1   any
squid   squid    2.5.stable2   any
squid   squid    2.5.stable3   any
squid   squid    2.5.stable4   any
squid   squid    2.5.stable5   any
squid   squid    2.5.stable6   any

References 8

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
    Patch
  • fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
  • marc.info http://marc.info/?l=bugtraq&m=110901183320453&w=2
  • debian.org http://www.debian.org/security/2005/dsa-667
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/260421
    Patch, Third Party Advisory, US Government Resource
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
    Patch
  • squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1166
    Vendor Advisory

Remediation

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
    Patch
  • debian.org http://www.debian.org/security/2005/dsa-667
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/260421
    Patch, Third Party Advisory, US Government Resource
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
    Patch
  • squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
    Patch