Lucene search

[email protected]CVE-2005-0173

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0173

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0173

squid_ldap_auth

acl bypass

ldap

remote authentication

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Affected configurations

NVD

Node

squidsquidMatch2.0.patch1

squidsquidMatch2.0.patch2

squidsquidMatch2.0.pre1

squidsquidMatch2.0.release

squidsquidMatch2.1.patch1

squidsquidMatch2.1.patch2

squidsquidMatch2.1.pre1

squidsquidMatch2.1.pre3

squidsquidMatch2.1.pre4

squidsquidMatch2.1.release

squidsquidMatch2.2.devel3

squidsquidMatch2.2.devel4

squidsquidMatch2.2.pre1

squidsquidMatch2.2.pre2

squidsquidMatch2.2.stable1

squidsquidMatch2.2.stable2

squidsquidMatch2.2.stable3

squidsquidMatch2.2.stable4

squidsquidMatch2.2.stable5

squidsquidMatch2.3.devel2

squidsquidMatch2.3.devel3

squidsquidMatch2.3.stable1

squidsquidMatch2.3.stable2

squidsquidMatch2.3.stable3

squidsquidMatch2.3.stable4

squidsquidMatch2.3.stable5

squidsquidMatch2.4.stable1

squidsquidMatch2.4.stable2

squidsquidMatch2.4.stable3

squidsquidMatch2.4.stable4

squidsquidMatch2.4.stable6

squidsquidMatch2.4.stable7

squidsquidMatch2.5.stable1

squidsquidMatch2.5.stable2

squidsquidMatch2.5.stable3

squidsquidMatch2.5.stable4

squidsquidMatch2.5.stable5

squidsquidMatch2.5.stable6

CPENameOperatorVersion
squid:squidsquideq2.0.patch1
squid:squidsquideq2.0.patch2
squid:squidsquideq2.0.pre1
squid:squidsquideq2.0.release
squid:squidsquideq2.1.patch1
squid:squidsquideq2.1.patch2
squid:squidsquideq2.1.pre1
squid:squidsquideq2.1.pre3
squid:squidsquideq2.1.pre4
squid:squidsquideq2.1.release

CPE	Name	Operator	Version
squid:squid	squid	eq	2.0.patch1
squid:squid	squid	eq	2.0.patch2
squid:squid	squid	eq	2.0.pre1
squid:squid	squid	eq	2.0.release
squid:squid	squid	eq	2.1.patch1
squid:squid	squid	eq	2.1.patch2
squid:squid	squid	eq	2.1.pre1
squid:squid	squid	eq	2.1.pre3
squid:squid	squid	eq	2.1.pre4
squid:squid	squid	eq	2.1.release