CVE-2004-0189 - OpenCVE

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Squid	Squid

Configuration 1 [-]

OR	cpe:2.3:a:squid:squid:2.0_patch2:::::::*
	cpe:2.3:a:squid:squid:2.1_patch2:::::::*
	cpe:2.3:a:squid:squid:2.3_stable5:::::::*
	cpe:2.3:a:squid:squid:2.4:::::::*
	cpe:2.3:a:squid:squid:2.4_stable7:::::::*
	cpe:2.3:a:squid:squid:2.5_stable3:::::::*
	cpe:2.3:a:squid:squid:2.5_stable4:::::::*

References

Link	Resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
http://marc.info/?l=bugtraq&m=108084935904110&w=2
http://security.gentoo.org/glsa/glsa-200403-11.xml
http://www.debian.org/security/2004/dsa-474
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
http://www.osvdb.org/5916
http://www.redhat.com/support/errata/RHSA-2004-133.html
http://www.redhat.com/support/errata/RHSA-2004-134.html
http://www.securityfocus.com/bid/9778	Exploit Patch Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2016-09-15T13:57:01

Reserved: 2004-03-03T00:00:00

Link: CVE-2004-0189

JSON object: View

NVD Information

Status : Modified

Published: 2004-03-15T05:00:00.000

Modified: 2017-10-10T01:30:18.970

Link: CVE-2004-0189

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-29T00:00:00", "descriptions": [{"lang": "en", "value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-09-15T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SCOSA-2005.16", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"}, {"name": "20040404-01-U", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"}, {"name": "squid-urlregex-acl-bypass(15366)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"}, {"name": "DSA-474", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-474"}, {"name": "oval:org.mitre.oval:def:877", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"}, {"name": "9778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9778"}, {"name": "MDKSA-2004:025", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"}, {"name": "oval:org.mitre.oval:def:941", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"}, {"name": "RHSA-2004:133", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"}, {"name": "RHSA-2004:134", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"}, {"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108084935904110&w=2"}, {"name": "GLSA-200403-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"}, {"name": "CLA-2004:838", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838"}, {"name": "5916", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5916"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0189", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SCOSA-2005.16", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"}, {"name": "20040404-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"}, {"name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt", "refsource": "CONFIRM", "url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"}, {"name": "squid-urlregex-acl-bypass(15366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"}, {"name": "DSA-474", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-474"}, {"name": "oval:org.mitre.oval:def:877", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"}, {"name": "9778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9778"}, {"name": "MDKSA-2004:025", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"}, {"name": "oval:org.mitre.oval:def:941", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"}, {"name": "RHSA-2004:133", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"}, {"name": "RHSA-2004:134", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"}, {"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108084935904110&w=2"}, {"name": "GLSA-200403-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"}, {"name": "CLA-2004:838", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838"}, {"name": "5916", "refsource": "OSVDB", "url": "http://www.osvdb.org/5916"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0189", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-03-03T00:00:00", "dateUpdated": "2016-09-15T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*", "matchCriteriaId": "E0AA7680-E004-44AC-9AE9-C0186459C4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*", "matchCriteriaId": "05A4829D-4DC1-4CD2-B136-48719A254EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*", "matchCriteriaId": "DCC6CCDC-237A-408E-9CAF-D41EC3A9D45F", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "540AA8A9-A4AB-4DB2-B37E-11876348DF3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*", "matchCriteriaId": "885123F3-346F-451E-B72A-D0405F0B72E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*", "matchCriteriaId": "5F8096AB-99B9-4D08-AA13-6AFF0DD65BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*", "matchCriteriaId": "A356D04A-7882-4A14-AD5F-2079EA0E79C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."}, {"lang": "es", "value": "La funci\u00f3n de decodificaci\u00f3n de URL \"%xx\" en Squid 2.5STABLE4 y anteriores permite a atacantes remotos saltarse las listas de control de acceso (ACL) url_regex mediante una URL con un car\u00e1cter nulo (\"%00\"), lo que hace que Squid use s\u00f3lo un parte de la URL solicitada para compararla con la lista de control de acceso."}], "id": "CVE-2004-0189", "lastModified": "2017-10-10T01:30:18.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"}, {"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108084935904110&w=2"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-474"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5916"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9778"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}