Squid < 2.5.STABLE5 %xx URL Encoding ACL Bypass
High Nessus Network Monitor Plugin ID 1212
Synopsis: The remote proxy server is vulnerable to a flaw that allows authentication to be bypassed.
Description: The remote Squid caching proxy, according to its version number, is vulnerable to a flaw that may allow an attacker to gain access to unauthorized resources. The flaw is triggered by sending a malformed username containing the %00 (null) character, which may allow an attacker to access otherwise restricted resources.
Solution: Upgrade to Squid 2.5.STABLE5 or later.
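
The finding above rests on the advertised version number, so the same check can be reproduced from a proxy's Server or Via response header when auditing an inventory. This is an added example, not the plugin's own logic; the `squid/<version>` banner format, the DEVEL < PRE < STABLE tag ordering and the sample header values are assumptions.

```python
import re

# Fixed release named on this page: 2.5.STABLE5.
FIXED = (2, 5, "STABLE", 5)

# Assumed ordering of Squid 2.x release tags: development < pre-release < stable.
TAG_RANK = {"DEVEL": 0, "PRE": 1, "STABLE": 2}

_BANNER = re.compile(r"squid/(\d+)\.(\d+)(?:\.(DEVEL|PRE|STABLE)(\d+))?", re.I)


def parse_squid_version(header_value):
    """Return (major, minor, tag, n) from a Server/Via header value, or None."""
    m = _BANNER.search(header_value or "")
    if not m:
        return None
    major, minor, tag, n = m.groups()
    return (int(major), int(minor), tag.upper() if tag else None,
            int(n) if n else None)


def is_affected(header_value):
    """True if older than 2.5.STABLE5, False if not, None if it cannot be decided.

    Like the plugin, this trusts the banner only; a suppressed or altered
    banner, or a vendor-backported fix, needs confirmation on the host.
    """
    v = parse_squid_version(header_value)
    if v is None:
        return None
    major, minor, tag, n = v
    if (major, minor) != FIXED[:2]:
        return (major, minor) < FIXED[:2]
    if tag is None:
        return None  # "squid/2.5" without a patch level is ambiguous
    return (TAG_RANK[tag], n) < (TAG_RANK[FIXED[2]], FIXED[3])


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real host.
    samples = [
        "squid/2.5.STABLE4",
        "1.0 proxy.example.test:3128 (squid/2.5.STABLE5)",
        "squid/2.5",
    ]
    for s in samples:
        print(f"{s!r}: affected={is_affected(s)}")
```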