This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor National Science Foundation First view 1998-02-20
Product Squid Web Proxy Last view 2001-03-12
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:national_science_foundation:squid_web_proxy:1.1.20:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:1.0novm:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:1.1:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:1.0:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:2.1:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:2.2:*:*:*:*:*:*:* 1
cpe:2.3:a:national_science_foundation:squid_web_proxy:2.3_stable4:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
1.2 2001-03-12 CVE-2001-0142

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

5 1999-12-31 CVE-1999-1481

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

7.5 1998-02-20 CVE-1999-1273

Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.

Open Source Vulnerability Database (OSVDB)

id Description
9904 Squid Internet Object Cache Regular Expression ACL Bypass
1712 Squid Email Notification /tmp Symlink Arbitrary File Overwrite
1125 Squid Web Proxy Newline Authentication Bypass

OpenVAS Exploits

id Description
2008-01-17 Name : Debian Security Advisory DSA 019-1 (squid)
File : nvt/deb_019_1.nasl

Nessus® Vulnerability Scanner

id Description
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-003.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-019.nasl - Type: ACT_GATHER_INFO