header-logo
Suggest Exploit
vendor:
Squid Proxy
by:
Unknown
7.5
CVSS
HIGH
Internet Access Control Bypass
264
CWE
Product Name: Squid Proxy
Affected Version From: 2.3.STABLE5
Affected Version To: Unknown (likely affects other versions)
Patch Exists: NO
Related CWE:
CPE: squid
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Squid Proxy Internet Access Control Bypass Vulnerability

Squid proxy is affected by an Internet access control bypass vulnerability. The issue arises due to the failure of the application to handle access controls properly when evaluating malformed URI requests. This vulnerability allows users who are restricted from accessing Internet-based resources to access arbitrary websites.

Mitigation:

No known mitigation or remediation is available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10315/info

Squid proxy has been reported to be affected by an Internet access control bypass vulnerability. This issue is caused by a failure of the application to properly handle access controls when evaluating malformed URI requests.

This issue is reported to affect version 2.3.STABLE5 of the software, it is likely however that other versions are also affected.

This issue would allow users that are restricted from accessing Internet-based resources to access arbitrary web sites.

http://@@website_allowed.pt@restricted_internet_resource.html

Navigation

Suggest Exploit

Services By CQR