header-logo
Suggest Exploit
vendor:
SquidGuard
by:
SecurityFocus
7.5
CVSS
HIGH
Remote NULL URL Character Unauthorized Access
20
CWE
Product Name: SquidGuard
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-1445
CPE: o:squidguard:squidguard
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

Reportedly SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability

SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability. This issue is due to a failure of the application to properly filter out invalid URIs. Successful exploitation of this issue may allow a remote attacker to bypass access controls resulting in unauthorized access to attacker-specified resources.

Mitigation:

Upgrade to the latest version of SquidGuard.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9919/info

Reportedly SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability. This issue is due to a failure of the application to properly filter out invalid URIs.

Successful exploitation of this issue may allow a remote attacker to bypass access controls resulting in unauthorized access to attacker-specified resources. This may allow the attacker to gain unauthorized access to sensitive resources.

http://foo%00@www.example.com/

Navigation

Suggest Exploit

Services By CQR