CVE-2004-0189

Name of the Vulnerable Software and Affected Versions Squid versions 2.5STABLE4 and earlier

Description The issue allows remote attackers to bypass url regex ACLs by using a URL with a NULL ("%00") character. This causes the software to use only a portion of the requested URL when comparing it against the access control lists.

Recommendations For Squid versions 2.5STABLE4 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to URLs containing NULL ("%00") characters to minimize the risk of bypassing access control lists.