Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2004-0189

Опубликовано: 15 мар. 2004
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*

EPSS

Процентиль: 89%
0.05083
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

redhat логотип

CVE-2004-0189

redhat
больше 21 года назад

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

debian логотип

CVE-2004-0189

debian
больше 21 года назад

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...

github логотип

GHSA-wgp5-p97p-cph9

github
больше 3 лет назад

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

EPSS

Процентиль: 89%
0.05083
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other