CVE-2002-0714

critical

Description

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

References

http://www.squid-cache.org/Versions/v2/2.4/bugs/

http://www.squid-cache.org/Advisories/SQUID-2002_3.txt

http://www.securityfocus.com/bid/5158

http://www.osvdb.org/5924

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php

http://www.iss.net/security_center/static/9479.php

http://rhn.redhat.com/errata/RHSA-2002-130.html

http://rhn.redhat.com/errata/RHSA-2002-051.html

http://marc.info/?l=bugtraq&m=102674543407606&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506

Details

Source: Mitre, NVD

Published: 2002-07-26

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00172

Detections

Analytics