
Squid < 2.5.STABLE5 %xx URL Encoding ACL Bypass

High

Synopsis

The remote proxy server is affected by a flaw that allows authentication to be bypassed.

Description

The remote Squid caching proxy, according to its version number, is vulnerable to a flaw that may allow an attacker to gain access to unauthorized resources. The flaw is triggered by a malformed username containing the %00 (null) character, which may allow an attacker to access otherwise restricted resources.

Solution

Upgrade to Squid 2.5.STABLE5 or later.
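
The version comparison behind this finding can be reproduced for an inventory of proxy banners. The following is an added example, not part of the original advisory or of any scanner's code. The banner shape (`squid/2.5.STABLEn`, as seen in Server or Via headers) and the treatment of PRE/DEVEL builds as older than STABLE1 are assumptions, and the sample banners are constructed.

```python
import re

# Fixed release named in the Solution section: 2.5.STABLE5.
FIXED_BRANCH = (2, 5)
FIXED_STABLE = 5

# Assumed banner shape, e.g. "squid/2.5.STABLE4" inside a Server or Via header.
_BANNER = re.compile(
    r"squid/(\d+)\.(\d+)(?:\.(STABLE|PRE|DEVEL)(\d+))?", re.IGNORECASE
)


def parse_squid_version(banner):
    """Return (major, minor, stage, n), or None if no Squid version is present."""
    m = _BANNER.search(banner)
    if not m:
        return None
    stage = (m.group(3) or "").upper()
    n = int(m.group(4)) if m.group(4) else 0
    return int(m.group(1)), int(m.group(2)), stage, n


def is_affected(banner):
    """True/False when the banner decides it, None when it cannot."""
    v = parse_squid_version(banner)
    if v is None:
        return None
    major, minor, stage, n = v
    if (major, minor) != FIXED_BRANCH:
        return (major, minor) < FIXED_BRANCH
    if stage == "STABLE":
        return n < FIXED_STABLE          # numeric compare: STABLE10 > STABLE5
    if stage in ("PRE", "DEVEL"):
        return True                      # assumption: pre-releases precede STABLE1
    return None                          # "squid/2.5" alone hides the patch level


def triage(banners):
    """Map each banner to its verdict so undecidable hosts can be checked by hand."""
    return {b: is_affected(b) for b in banners}


# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "squid/2.5.STABLE4",
    "1.1 proxy.example (squid/2.5.STABLE10)",
    "squid/2.4.STABLE7",
    "squid/2.5",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLES).items():
        print(f"{banner!r}: {verdict}")
```

A `None` verdict means the banner does not expose the patch level, so the installed package version has to be confirmed on the host itself.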