Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2001-1030

Published: Jul 18, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2001-1030
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Affected Software

Name Vendor Start Version End Version
Openlinux_server Caldera 3.1 (including) 3.1 (including)
Immunix Immunix 6.2 (including) 6.2 (including)
Immunix Immunix 7.0 (including) 7.0 (including)
Immunix Immunix 7.0_beta (including) 7.0_beta (including)
Mandrake_single_network_firewall Mandrakesoft 7.2 (including) 7.2 (including)
Squid_web_proxy Squid 2.3stable3 (including) 2.3stable3 (including)
Squid_web_proxy Squid 2.3stable4 (including) 2.3stable4 (including)
Red Hat Linux 7.0 RedHat *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use