Vulnerabilites related to squid - squid_web_proxy
Vulnerability from fkie_nvd
Published
2001-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid | squid_web_proxy | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid:squid_web_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "A44E11F5-90CB-4057-BFCA-EBCA488D3049", versionEndIncluding: "2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.", }, ], id: "CVE-2001-0843", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-12-06T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=100109679010256&w=2", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2001/dsa-077", }, { source: "cve@mitre.org", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-113.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/3354", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=100109679010256&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2001/dsa-077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-113.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/3354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7157", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-07-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| immunix | immunix | 6.2 | |
| immunix | immunix | 7.0 | |
| immunix | immunix | 7.0_beta | |
| mandrakesoft | mandrake_single_network_firewall | 7.2 | |
| squid | squid_web_proxy | 2.3stable3 | |
| squid | squid_web_proxy | 2.3stable4 | |
| mandrakesoft | mandrake_linux | 7.1 | |
| mandrakesoft | mandrake_linux | 7.2 | |
| mandrakesoft | mandrake_linux | 8.0 | |
| mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | |
| redhat | linux | 7.0 | |
| trustix | secure_linux | 1.1 | |
| trustix | secure_linux | 1.01 | |
| trustix | secure_linux | 1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*", matchCriteriaId: "DB0F79BE-8EBF-44D8-83A1-9331669BED54", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*", matchCriteriaId: "660CA978-FDA1-4D48-8162-9CB9243A1B7E", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*", matchCriteriaId: "1A2889C6-8DE0-4432-812A-F2A5C4A08897", vulnerable: true, }, { criteria: "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", matchCriteriaId: "7A188467-3856-4599-A2CD-BD2655974B63", vulnerable: true, }, { criteria: "cpe:2.3:a:squid:squid_web_proxy:2.3stable3:*:*:*:*:*:*:*", matchCriteriaId: "1D5299EE-5CA6-4A9E-9543-BDB0ADF9ED68", vulnerable: true, }, { criteria: "cpe:2.3:a:squid:squid_web_proxy:2.3stable4:*:*:*:*:*:*:*", matchCriteriaId: "69466E6B-CD99-4A6F-87EE-1CC430573509", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "3EC1FF5D-5EAB-44D5-B281-770547C70D68", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "4371A667-18E1-4C54-B2E1-6F885F22F213", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "97E09AD9-F057-4264-88BB-A8A18C1B1246", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", matchCriteriaId: "9D0DFB12-B43F-4207-A900-464A97F5124D", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.01:*:*:*:*:*:*:*", matchCriteriaId: "9406727E-365C-466F-8406-82B393537559", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*", matchCriteriaId: "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], id: "CVE-2001-1030", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-07-18T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { source: "cve@mitre.org", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { source: "cve@mitre.org", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/197727", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/197727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2001-0843
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2001-113.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=100109679010256&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7157 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2001/dsa-077 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/bid/3354 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:37:06.838Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2001:113", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2001-113.html", }, { name: "20010921 squid DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=100109679010256&w=2", }, { name: "squid-mkdir-put-dos(7157)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7157", }, { name: "DSA-077", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2001/dsa-077", }, { name: "MDKSA-2001:088", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3", }, { name: "3354", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3354", }, { name: "CLA-2001:426", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html", }, { name: "SuSE-SA:2001:037", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-09-21T00:00:00", descriptions: [ { lang: "en", value: "Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-03-08T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2001:113", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2001-113.html", }, { name: "20010921 squid DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=100109679010256&w=2", }, { name: "squid-mkdir-put-dos(7157)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7157", }, { name: "DSA-077", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2001/dsa-077", }, { name: "MDKSA-2001:088", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3", }, { name: "3354", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3354", }, { name: "CLA-2001:426", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html", }, { name: "SuSE-SA:2001:037", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-0843", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2001:113", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2001-113.html", }, { name: "20010921 squid DoS", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=100109679010256&w=2", }, { name: "squid-mkdir-put-dos(7157)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7157", }, { name: "DSA-077", refsource: "DEBIAN", url: "http://www.debian.org/security/2001/dsa-077", }, { name: "MDKSA-2001:088", refsource: "MANDRAKE", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3", }, { name: "3354", refsource: "BID", url: "http://www.securityfocus.com/bid/3354", }, { name: "CLA-2001:426", refsource: "CONECTIVA", url: "http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html", }, { name: "SuSE-SA:2001:037", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-0843", datePublished: "2002-03-09T05:00:00", dateReserved: "2001-11-22T00:00:00", dateUpdated: "2024-08-08T04:37:06.838Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1030
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/197727 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6862 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2001-097.html | vendor-advisory, x_refsource_REDHAT | |
| http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01 | vendor-advisory, x_refsource_IMMUNIX | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:06.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", tags: [ "vendor-advisory", "x_refsource_IMMUNIX", "x_transferred", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-07-18T00:00:00", descriptions: [ { lang: "en", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-02-06T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", tags: [ "vendor-advisory", "x_refsource_IMMUNIX", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1030", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", refsource: "IMMUNIX", url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", refsource: "MANDRAKE", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1030", datePublished: "2002-06-25T04:00:00", dateReserved: "2002-01-31T00:00:00", dateUpdated: "2024-08-08T04:44:06.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }