Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Squid_web_proxy | National_science_foundation | 1.0 (including) | 1.0 (including) |
| Squid_web_proxy | National_science_foundation | 1.0novm (including) | 1.0novm (including) |
| Squid_web_proxy | National_science_foundation | 1.1 (including) | 1.1 (including) |
| Squid_web_proxy | National_science_foundation | 2.1 (including) | 2.1 (including) |
| Squid_web_proxy | National_science_foundation | 2.2 (including) | 2.2 (including) |
References
- http://www.securityfocus.com/archive/1/33295
- http://www.securityfocus.com/bid/741
- http://www.squid-cache.org/Versions/v2/2.2/bugs/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3433
- http://www.securityfocus.com/archive/1/33295
- http://www.securityfocus.com/bid/741
- http://www.squid-cache.org/Versions/v2/2.2/bugs/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3433