7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.065 Low
EPSS
Percentile
93.8%
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
CPE | Name | Operator | Version |
---|---|---|---|
redhat:linux | redhat linux | eq | 5.2 |
redhat:linux | redhat linux | eq | 6.0 |
fedoranews.org/updates/FEDORA--.shtml
www.debian.org/security/2004/dsa-576
www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
www.redhat.com/support/errata/archives/rh52-errata-general.html#squid
www.redhat.com/support/errata/RHSA-1999-025.html
www.redhat.com/support/errata/RHSA-2005-489.html
www.securityfocus.com/bid/2059
exchange.xforce.ibmcloud.com/vulnerabilities/2385