Lucene search

[email protected]CVE-2001-1030

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2001-1030

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1030

squid

http accelerator

access control lists

acl

unauthorized activity

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.0%

JSON

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Affected configurations

NVD

Node

calderaopenlinux_serverMatch3.1

immuniximmunixMatch6.2

immuniximmunixMatch7.0

immuniximmunixMatch7.0_beta

mandrakesoftmandrake_single_network_firewallMatch7.2

squidsquid_web_proxyMatch2.3stable3

squidsquid_web_proxyMatch2.3stable4

Node

mandrakesoftmandrake_linuxMatch7.1

mandrakesoftmandrake_linuxMatch7.2

mandrakesoftmandrake_linuxMatch8.0

mandrakesoftmandrake_linux_corporate_serverMatch1.0.1

redhatlinuxMatch7.0

trustixsecure_linuxMatch1.1

trustixsecure_linuxMatch1.01

trustixsecure_linuxMatch1.2

CPENameOperatorVersion
caldera:openlinux_servercaldera openlinux servereq3.1
immunix:immuniximmunixeq6.2
immunix:immuniximmunixeq7.0
immunix:immuniximmunixeq7.0_beta
mandrakesoft:mandrake_single_network_firewallmandrakesoft mandrake single network firewalleq7.2
squid:squid_web_proxysquid squid web proxyeq2.3stable3
squid:squid_web_proxysquid squid web proxyeq2.3stable4

CPE	Name	Operator	Version
caldera:openlinux_server	caldera openlinux server	eq	3.1
immunix:immunix	immunix	eq	6.2
immunix:immunix	immunix	eq	7.0
immunix:immunix	immunix	eq	7.0_beta
mandrakesoft:mandrake_single_network_firewall	mandrakesoft mandrake single network firewall	eq	7.2
squid:squid_web_proxy	squid squid web proxy	eq	2.3stable3
squid:squid_web_proxy	squid squid web proxy	eq	2.3stable4

References

archives.neohapsis.com/archives/bugtraq/2001-07/0362.html

download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01

www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt

www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3

www.redhat.com/support/errata/RHSA-2001-097.html

www.securityfocus.com/archive/1/197727

exchange.xforce.ibmcloud.com/vulnerabilities/6862

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for CVE-2001-1030

nvd1 nessus1 cvelist1