7.5 - CVE-2004-0189

Executive Summary

Informations
Name	CVE-2004-0189	First vendor Publication	2004-03-15
Vendor	Cve	Last vendor Modification	2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-52	Embedding NULL Bytes
CAPEC-53	Postfix, Null Terminate, and Backslash
CAPEC-64	Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-72	URL Encoding

CWE : Common Weakness Enumeration

%	Id	Name

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11354

Oval ID:	oval:org.mitre.oval:def:11354
Title:	The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Description:	The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0189	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND squid is earlier than 7:2.5.STABLE3-5.3E

Definition Id: oval:org.mitre.oval:def:877

Oval ID:	oval:org.mitre.oval:def:877
Title:	Red Hat Squid ACL Bypass Vulnerability
Description:	The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0189	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND squid version is less than 2.5STABLE1-3.9 AND Configuration section squid is listening on the network

Definition Id: oval:org.mitre.oval:def:941

Oval ID:	oval:org.mitre.oval:def:941
Title:	Red Hat Enterprise 3 Squid ACL Bypass Vulnerability
Description:	The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0189	Version:	4
Platform(s):	Red Hat Enterprise Linux 3	Product(s):
Definition Synopsis:
Software section Red Hat Enterprise 3 is installed AND ix86 architecture AND squid version is less than 2.5.STABLE3-5.3E AND Configuration section squid is listening on the network

CPE : Common Platform Enumeration

Type	Description	Count
Application	Squid cpe:2.3:a:squid:squid:2.5_stable4:::::::* cpe:2.3:a:squid:squid:2.5_stable3:::::::* cpe:2.3:a:squid:squid:2.4_stable7:::::::* cpe:2.3:a:squid:squid:2.4:::::::* cpe:2.3:a:squid:squid:2.3_stable5:::::::* cpe:2.3:a:squid:squid:2.1_patch2:::::::* cpe:2.3:a:squid:squid:2.0_patch2:::::::*	7

OpenVAS Exploits

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200403-11 (Squid) File : nvt/glsa_200403_11.nasl
2008-09-04	Name : FreeBSD Ports: squid File : nvt/freebsd_squid12.nasl
2008-01-17	Name : Debian Security Advisory DSA 474-1 (squid) File : nvt/deb_474_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
5916	Squid Proxy %xx URL Encoding ACL Bypass Squid Web Proxy Cache contains a flaw that may allow a malicious user to bypass access control lists. The issue is triggered when sending a specially crafted URL request containing '%00' in it. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_705e003a7f3611d896450020ed76ef5a.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-474.nasl - Type : ACT_GATHER_INFO
2004-08-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200403-11.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-025.nasl - Type : ACT_GATHER_INFO
2004-07-23	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-104.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-133.nasl - Type : ACT_GATHER_INFO
2004-04-04	Name : The remote service is vulnerable to an authentication bypass. File : squid_null_url_auth_bypass.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
http://marc.info/?l=bugtraq&m=108084935904110&w=2
http://security.gentoo.org/glsa/glsa-200403-11.xml
http://www.debian.org/security/2004/dsa-474
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
http://www.osvdb.org/5916
http://www.redhat.com/support/errata/RHSA-2004-133.html
http://www.redhat.com/support/errata/RHSA-2004-134.html
http://www.securityfocus.com/bid/9778
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:23:07	Multiple Updates
2024-11-28 12:06:01	Multiple Updates
2021-05-04 12:02:17	Multiple Updates
2021-04-22 01:02:26	Multiple Updates
2020-05-23 00:15:44	Multiple Updates
2017-10-10 09:23:26	Multiple Updates
2016-10-18 12:01:18	Multiple Updates
2016-09-17 09:24:55	Multiple Updates
2016-06-28 15:05:13	Multiple Updates
2016-04-26 12:47:38	Multiple Updates
2014-02-17 10:27:16	Multiple Updates
2013-05-11 11:40:09	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	4
CWE ID(s)	2
Oval ID(s)	3
CPE ID(s)	7
Sources(s)	15
osvdb(s)	1
Openvas Exploit(s)	3
Nessus® Exploit(s)	7

	Related
7.5	DSA-474
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - CVE-2004-0189

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CAPEC : Common Attack Pattern Enumeration & Classification

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU