LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

squid - vulnerability in URL decoding

Package(s):squid CVE #(s):CAN-2004-0189
Created:March 29, 2004 Updated:April 20, 2004
Description: A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could create URLs that would not be correctly tested against Squid's ACLs, potentially allowing clients to access prohibited URLs.
Alerts:
Whitebox WBSA-2004:133-01 2004-04-19
Fedora FEDORA-2004-104 2004-04-15
Red Hat RHSA-2004:133-01 2004-04-14
Conectiva CLA-2004:838 2004-04-12
Debian DSA-474-1 2004-04-03
OpenPKG OpenPKG-SA-2004.008 2004-04-01
Mandrake MDKSA-2004:025 2004-03-30
Gentoo 200403-11 2004-03-30
Red Hat RHSA-2004:134-01 2004-03-29
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds