Squid < 2.5.STABLE7 Report Information Disclosure

Critical Nessus Network Monitor Plugin ID 2491

Synopsis

The remote proxy server may give an attacker information useful for future attacks.

Description

The remote host is running the Squid proxy. The server has web-based proxy reporting enabled. An attacker viewing these pages would be able to gain information that may be useful in future attacks. This occurs because Squid, when processing its configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments. This could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Solution

Use ACLs to protect the Squid proxy reports. Alternatively, upgrade to Squid 2.5.STABLE7, which has been patched for this vulnerability.

See Also

http://www.squid-cache.org

http://www.squid-cache.org/Versions/v2/2.5/bugs

http://www.nessus.org/u?4488786e

Plugin Details

Severity: Critical

ID: 2491

File Name: 2491.prm

Family: Web Servers

Published: 2005/01/06

Modified: 2016/11/23

Dependencies: 3389

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Patch Publication Date: 2004/10/05

Vulnerability Publication Date: 2004/10/05

Reference Information

CVE: CVE-2005-0194

OSVDB: 12633