Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2479

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2479
Last Modified 18 Jul 2013 12:37:43
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2479

Summary

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

Vulnerable Systems

Application

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable1

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable2

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable3

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable4

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable5

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable6

  • National Science Foundation Squid Web Proxy Cache 2.5 Stable7


References

XF - squid-hostname-obtain-info(18406)

CONFIRM - http://www.squid-cache.org/bugs/show_bug.cgi?id=1143

BID - 11865

SECTRACK - 1012466

SECUNIA - 13408

OSVDB - 12282

REDHAT - RHSA-2005:766

SECUNIA - 16977

FEDORA - FLSA-2006:152809


Last Updated: 27 May 2016 10:39:29