Vulnerabilities > CVE-2001-1030

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
squid
immunix
mandrakesoft
caldera
trustix
redhat
nessus
NVD
Published: 2001-07-18
Updated: 2024-11-20

Summary

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Vulnerable Configurations

Part Description Count
Application
Squid
2
Application
Immunix
3
Application
Mandrakesoft
1
Application
Caldera
1
OS
Mandrakesoft
4
OS
Trustix
3
OS
Redhat
1

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-066.NASL
descriptionThe Squid proxy server has a serious security flaw in versions 2.3.STABLE2 through 2.3.STABLE4. This problem surfaces when Squid is used in httpd_accel mode. If you configure http_accel_with_proxy off then any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems, forge email, and other activities.
last seen2020-06-01
modified2020-06-02
plugin id13881
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13881
titleMandrake Linux Security Advisory : squid (MDKSA-2001:066)

Redhat

advisories
rhsa
idRHSA-2001:097

References