Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0067

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0067
Last Modified 05 Sep 2008 04:27:05
Published 08 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0067

Summary

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Vulnerable Systems

Operating System

  • Redhat Linux 6.2

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

Application

  • Squid 2.4 Stable 2


References

CONFIRM - http://www.squid-cache.org/Versions/v2/2.4/bugs/

REDHAT - RHSA-2002:029

BID - 4150

OSVDB - 5379

MANDRAKE - MDKSA-2002:016

XF - squid-htcp-enabled(8261)

BUGTRAQ - 20020222 TSLSA-2002-0031 - squid

BUGTRAQ - 20020221 Squid HTTP Proxy Security Update Advisory 2002:1

CONECTIVA - CLA-2002:464

CALDERA - CSSA-2002-SCO.7

FREEBSD - FreeBSD-SA-02:12


Last Updated: 27 May 2016 10:36:46