Vendor: Squid Proxy
By: SecurityFocus
CVSS: 7.5 (HIGH)
Bypass Access Controls
CWE: 287
Product Name: Squid Proxy
Affected Version From: 2
Affected Version To: 2.5 STABLE4
Patch Exists: YES
Related CWE: N/A
CPE: a:squid:squid_proxy
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Unauthorized Access Vulnerability in Squid Proxy
It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls, resulting in unauthorized access to attacker-specified resources. The vulnerability presents itself when a URI that is designed to access a specific location with a supplied username contains '%00' characters. This sequence may be placed as part of the username value, prior to the @ symbol, in the malicious URI.
Mitigation:
Ensure that access controls are properly configured and enforced.
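As a detection aid for the pattern described above, the following added example (not part of the original advisory and not Squid code) scans proxy log lines for requests whose URI carries '%00' in the username portion before the @ symbol. It assumes Squid's native access.log field order and that the logged URL retains its userinfo; the function names and sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident peer type
SAMPLE_LOG = """\
1041379200.101 120 192.0.2.10 TCP_MISS/200 1532 GET http://alice@intranet.example/docs/ - DIRECT/198.51.100.5 text/html
1041379201.412 98 192.0.2.11 TCP_MISS/200 2210 GET http://bob%00@intranet.example/admin/ - DIRECT/198.51.100.5 text/html
1041379202.007 45 192.0.2.12 TCP_MISS/200 812 GET http://www.example/search?q=a%00b@c - DIRECT/198.51.100.7 text/html
1041379203.550 60 192.0.2.13 TCP_MISS/200 0 CONNECT mail.example:443 - DIRECT/198.51.100.9 -
"""


def userinfo_has_encoded_nul(url):
    """Return True if '%00' appears in the userinfo part of the URL's authority."""
    try:
        netloc = urlsplit(url).netloc  # authority only; path and query are excluded
    except ValueError:
        return False  # unparsable authority: leave to other checks
    # Userinfo is everything before the last '@' in the authority.
    userinfo, at, _host = netloc.rpartition("@")
    return bool(at) and "%00" in userinfo


def flag_requests(log_text):
    """Return (client, method, url) for each log line matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a complete native-format record
        client, method, url = fields[2], fields[5], fields[6]
        if userinfo_has_encoded_nul(url):
            hits.append((client, method, url))
    return hits


if __name__ == "__main__":
    for client, method, url in flag_requests(SAMPLE_LOG):
        print(f"suspicious userinfo from {client}: {method} {url}")
```

Only the authority component is inspected, so a '%00' or an '@' that appears in the path or query string (third sample line) is not flagged.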