CVE-2004-0189 in Proxyinfo

Summary

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Once again VulDB remains the best source for vulnerability data.

Disclosure

03/15/2004

Moderation

VulDB entry created

Entries

VDB-21654 (1)

CPE

ready

CWE

CWE-269 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.02494

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-0189
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0189
CVE Details	https://www.cvedetails.com/cve/CVE-2004-0189/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!