SquidGuard NULL URL Character Unauthorized Access Vulnerability
BID:9919
Info
| Bugtraq ID: | 9919 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2004 12:00AM |
| Updated: | Mar 19 2004 12:00AM |
| Credit: | This issue has been reported by Petko Popadiyski <[email protected]>. |
| Vulnerable: | squidGuard 1.2.0, squidGuard 1.1.5, squidGuard 1.1.4, squidGuard 1.1.3, squidGuard 1.1.2, squidGuard 1.1.1, squidGuard 1.1.0, squidGuard 1.0.0 |
| Not Vulnerable: | |
Discussion
Reportedly SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability. This issue is due to a failure of the application to properly filter out invalid URIs.
Successful exploitation of this issue may allow a remote attacker to bypass access controls resulting in unauthorized access to attacker-specified resources. This may allow the attacker to gain unauthorized access to sensitive resources.
Although it has not been confirmed, this issue may be related to the issue defined in BID 9778.
Exploit / POC
The following proof of concept has been supplied:
http://foo%[email protected]/
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
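A URL pre-check of the kind the discussion points to, as an added example (not squidGuard's code and not a vendor fix): it rejects any URL whose percent-decoded form contains a NUL or other control byte and, as an assumed policy, any URL with a userinfo part. The function names, the verdict enum and the URLs used to exercise it are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum url_verdict { URL_OK, URL_MALFORMED, URL_CTRL_BYTE, URL_USERINFO };

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into out (cap bytes, always 0-terminated). Returns the
 * decoded length, or -1 on a malformed escape or overflow. The length is
 * returned because the decoded data may contain 0x00, where strlen() stops. */
long url_decode(const char *src, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (; *src; src++) {
        int c = (unsigned char)*src;
        if (c == '%') {
            int hi = hexval((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[2]);
            if (lo < 0) return -1;          /* truncated or non-hex escape */
            c = hi * 16 + lo;
            src += 2;
        }
        if (n + 1 >= cap) return -1;
        out[n++] = (unsigned char)c;
    }
    out[n] = 0;
    return (long)n;
}

/* Verdict for a URL before it is matched against the filter lists. */
enum url_verdict url_check(const char *url)
{
    unsigned char buf[2048];
    long n = url_decode(url, buf, sizeof buf);
    if (n < 0) return URL_MALFORMED;        /* bad escape or oversized URL */
    for (long i = 0; i < n; i++)            /* scan by length, not strlen */
        if (buf[i] < 0x20 || buf[i] == 0x7f) return URL_CTRL_BYTE;

    /* Assumed policy: no userinfo ("user@") in the raw authority part. */
    const char *a = strstr(url, "://");
    a = a ? a + 3 : url;
    return memchr(a, '@', strcspn(a, "/?#")) ? URL_USERINFO : URL_OK;
}
```

Running the check on the raw request URL, before any component copies it into a C string, keeps the filter and the component that fetches the resource from seeing different hosts.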
References
References:
- Product Home Page (squidGuard)