PT-2005-1277 · Squid · Squid+1

Published: 2005-02-06 · Updated: 2016-10-18 · CVE-2005-0194

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Squid version 2.5

Description

The issue arises when Squid processes its configuration file, specifically with empty Access Control Lists (ACLs), including proxy auth ACLs that lack defined authentication schemes. This parsing behavior can remove arguments, potentially allowing remote attackers to bypass intended ACLs if the administrator disregards parser warnings.

Recommendations

For Squid version 2.5, ensure that all Access Control Lists (ACLs), especially proxy auth ACLs, have defined authentication schemes to prevent the removal of arguments during configuration file processing. Define proper auth schemes for proxy auth ACLs to maintain the integrity of intended ACLs.
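
An added example, not part of the advisory or of Squid itself: a small Python audit of squid.conf text for the condition described above, namely ACLs defined with no arguments and proxy_auth ACLs in a file that has no auth_param directive, listing the http_access rules that reference them. The sample configuration is constructed, the function name is hypothetical, and ACL values loaded from external files are not inspected.

```python
# Constructed sample squid.conf (Squid 2.5 style); not taken from the advisory.
SAMPLE_CONF = """\
# note: this file contains no auth_param directive
acl all src 0.0.0.0/0.0.0.0
acl staff proxy_auth REQUIRED
acl blocked_sites dstdomain
acl office src 192.0.2.0/24
http_access deny blocked_sites
http_access allow office staff
http_access deny all
"""


def audit_squid_conf(text):
    """Return (empty_acls, auth_acls_without_scheme, affected_rules)."""
    acls = {}                # ACL name -> {"type": ..., "args": [...]}
    has_auth_scheme = False  # True once any auth_param directive is seen
    rules = []               # (line number, tokens) for each http_access line
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "auth_param" and len(tokens) >= 2:
            has_auth_scheme = True
        elif tokens[0] == "acl" and len(tokens) >= 3:
            # The same ACL name may be repeated; its values accumulate.
            entry = acls.setdefault(tokens[1], {"type": tokens[2], "args": []})
            entry["args"].extend(tokens[3:])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            rules.append((number, tokens))

    empty = sorted(n for n, a in acls.items() if not a["args"])
    no_scheme = sorted(n for n, a in acls.items()
                       if a["type"].startswith("proxy_auth") and not has_auth_scheme)
    suspect = set(empty) | set(no_scheme)
    # Rules naming a suspect ACL (with or without "!") need manual review.
    affected = [(number, " ".join(tokens)) for number, tokens in rules
                if any(name.lstrip("!") in suspect for name in tokens[2:])]
    return empty, no_scheme, affected


if __name__ == "__main__":
    empty, no_scheme, affected = audit_squid_conf(SAMPLE_CONF)
    print("ACLs with no arguments:", empty)
    print("proxy_auth ACLs with no auth_param scheme:", no_scheme)
    for number, rule in affected:
        print(f"review line {number}: {rule}")
```

Any rule the audit reports should be checked against Squid's own parser warnings before the configuration is put into service.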


Related Identifiers

CVE-2005-0194
DSA-667-1

Affected Products

Squid
Squid Cache