PT-2005-2347 · Squid+1 · Squid+2

Published

2005-04-28

Updated

2017-10-11

CVE-2005-1345

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Squid versions 2.5.STABLE9 and earlier

Description: The issue arises when Squid identifies missing or invalid ACLs in the http access configuration. Instead of triggering a fatal error, it could lead to less restrictive ACLs than intended by the administrator.

Recommendations: For Squid versions 2.5.STABLE9 and earlier, consider updating the http access configuration to ensure all ACLs are properly defined and valid to enforce the intended access restrictions. As a temporary workaround, manually review and validate all ACL configurations to minimize potential security risks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1345

DSA-721-1

RHSA-2005:415

RHSA-2005_415

Affected Products

Red Hat

Squid

Squid Cache

PT-2005-2347 · Squid+1 · Squid+2

CVE-2005-1345

Related Identifiers

Affected Products

References · 18