Описание
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4_stable_2 (включая)
cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*
EPSS
Процентиль: 45%
0.00223
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
больше 23 лет назад
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
github
больше 3 лет назад
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
EPSS
Процентиль: 45%
0.00223
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other