CVE-2005-0194
NONE EPSS 91.4%
Published May 2, 200521y ago · Modified Jun 16, 20262w ago
Published May 2, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
Threat Intelligence
EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| squid | squid | 2.0.patch1 | any |
| squid | squid | 2.0.patch2 | any |
| squid | squid | 2.0.pre1 | any |
| squid | squid | 2.0.release | any |
| squid | squid | 2.1.patch1 | any |
| squid | squid | 2.1.patch2 | any |
| squid | squid | 2.1.pre1 | any |
| squid | squid | 2.1.pre3 | any |
| squid | squid | 2.1.pre4 | any |
| squid | squid | 2.1.release | any |
| squid | squid | 2.2.devel3 | any |
| squid | squid | 2.2.devel4 | any |
| squid | squid | 2.2.pre1 | any |
| squid | squid | 2.2.pre2 | any |
| squid | squid | 2.2.stable1 | any |
| squid | squid | 2.2.stable2 | any |
| squid | squid | 2.2.stable3 | any |
| squid | squid | 2.2.stable4 | any |
| squid | squid | 2.2.stable5 | any |
| squid | squid | 2.3.devel2 | any |
| squid | squid | 2.3.devel3 | any |
| squid | squid | 2.3.stable1 | any |
| squid | squid | 2.3.stable2 | any |
| squid | squid | 2.3.stable3 | any |
| squid | squid | 2.3.stable4 | any |
| squid | squid | 2.3.stable5 | any |
| squid | squid | 2.4.stable1 | any |
| squid | squid | 2.4.stable2 | any |
| squid | squid | 2.4.stable3 | any |
| squid | squid | 2.4.stable4 | any |
| squid | squid | 2.4.stable6 | any |
| squid | squid | 2.4.stable7 | any |
| squid | squid | 2.5.stable1 | any |
| squid | squid | 2.5.stable2 | any |
| squid | squid | 2.5.stable3 | any |
| squid | squid | 2.5.stable4 | any |
| squid | squid | 2.5.stable5 | any |
| squid | squid | 2.5.stable6 | any |
References 8
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
- fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
- marc.info http://marc.info/?l=bugtraq&m=110901183320453&w=2
- debian.org http://www.debian.org/security/2005/dsa-667
- kb.cert.org http://www.kb.cert.org/vuls/id/260421
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
- squid-cache.org http://www.squid-cache.org/bugs/show_bug.cgi?id=1166
Remediation
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
- debian.org http://www.debian.org/security/2005/dsa-667
- kb.cert.org http://www.kb.cert.org/vuls/id/260421
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
- squid-cache.org http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch