Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2002-0715 (GCVE-0-2002-0715)
Vulnerability from cvelistv5 – Published: 2002-07-23 04:00 – Updated: 2024-08-08 02:56
VLAI
EPSS
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=102674543407606&w=2 | mailing-listx_refsource_BUGTRAQ |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… | vendor-advisoryx_refsource_CALDERA |
| http://www.squid-cache.org/Versions/v2/2.4/bugs/ | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2002-051.html | vendor-advisoryx_refsource_REDHAT |
| http://www.squid-cache.org/Advisories/SQUID-2002_3.txt | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2002-130.html | vendor-advisoryx_refsource_REDHAT |
| http://www.linux-mandrake.com/en/security/2002/MD… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.iss.net/security_center/static/9478.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/5154 | vdb-entryx_refsource_BID |
Date Public
2002-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0715",
"datePublished": "2002-07-23T04:00:00.000Z",
"dateReserved": "2002-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:56:38.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2002-0715",
"date": "2026-05-30",
"epss": "0.00405",
"percentile": "0.61257"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4.stable6\", \"matchCriteriaId\": \"74F11907-5BBD-450F-B338-34013E58E0D8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.\"}]",
"id": "CVE-2002-0715",
"lastModified": "2024-11-20T23:39:42.310",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2002-07-26T04:00:00.000",
"references": "[{\"url\": \"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-051.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-130.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.iss.net/security_center/static/9478.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/5154\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v2/2.4/bugs/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-051.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2002-130.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.iss.net/security_center/static/9478.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/5154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v2/2.4/bugs/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2002-0715\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-07-26T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.stable6\",\"matchCriteriaId\":\"74F11907-5BBD-450F-B338-34013E58E0D8\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-051.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-130.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/9478.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/5154\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.4/bugs/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-130.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/9478.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/5154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.squid-cache.org/Advisories/SQUID-2002_3.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v2/2.4/bugs/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}
FKIE_CVE-2002-0715
Vulnerability from fkie_nvd - Published: 2002-07-26 04:00 - Updated: 2026-04-16 00:27
Severity
Summary
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F11907-5BBD-450F-B338-34013E58E0D8",
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
],
"id": "CVE-2002-0715",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RH7C-C27G-CWXW
Vulnerability from github – Published: 2022-05-03 03:07 – Updated: 2022-05-03 03:07
VLAI
Details
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
{
"affected": [],
"aliases": [
"CVE-2002-0715"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-07-26T04:00:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"id": "GHSA-rh7c-c27g-cwxw",
"modified": "2022-05-03T03:07:58Z",
"published": "2022-05-03T03:07:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"type": "WEB",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/5154"
},
{
"type": "WEB",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"type": "WEB",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2002-0715
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2002-0715",
"description": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"id": "GSD-2002-0715",
"references": [
"https://access.redhat.com/errata/RHSA-2002:130",
"https://access.redhat.com/errata/RHSA-2002:051"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2002-0715"
],
"details": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"id": "GSD-2002-0715",
"modified": "2023-12-13T01:24:06.317623Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "5154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5154"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.stable6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0715"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"tags": [
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"tags": [],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "5154",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/5154"
},
{
"name": "squid-auth-header-forwarding(9478)",
"refsource": "XF",
"tags": [],
"url": "http://www.iss.net/security_center/static/9478.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=102674543407606\u0026w=2"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-10-18T02:21Z",
"publishedDate": "2002-07-26T04:00Z"
}
}
}
RHSA-2002:051
Vulnerability from csaf_redhat - Published: 2002-07-04 02:44 - Updated: 2025-11-21 17:24Summary
Red Hat Security Advisory: : : : New Squid packages available
Severity
Important
Notes
Topic: New Squid packages are available which fix various security issues.
[Updated 16 April 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.
Details: Squid is a high-performance proxy caching server. The following summary
describes the various issues found and their resolutions.
A problem was found in the code used by Squid to handle compressed DNS
replies where a malicious DNS server could cause Squid to crash. This bug
is fixed in the 2.4.STABLE6 release of Squid. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0163
to this issue. Note that Red Hat Linux 7.3 is not vulnerable to this issue.
Several buffer overflows have been found in the MSNT auth helper
(msnt_auth) when configured to use denyusers or allowusers access control
files.
Several buffer overflows were found in the gopher client of Squid. It
could be possible for a malicious gopher server to cause Squid to crash.
A problem was found in the handling of the FTP data channel, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.
Several possible buffer overflows were found in the code parsing FTP
directories, potentially allowing an untrusted FTP server to crash Squid.
Thanks go to Olaf Kirch and the Squid team for notifying us of the
problems, and to the Squid team for providing patches.
Note that Carp support has been disabled in this errata. If you need Carp
support, you can reconfigure it with --enable-carp and rebuild the packages.
All users of Squid are advised to upgrade to these errata packages which
contain patches to correct each of these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Squid packages are available which fix various security issues.\n\n[Updated 16 April 2003]\nAdded packages for Red Hat Linux on IBM iSeries and pSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server. The following summary\ndescribes the various issues found and their resolutions.\n\nA problem was found in the code used by Squid to handle compressed DNS\nreplies where a malicious DNS server could cause Squid to crash. This bug\nis fixed in the 2.4.STABLE6 release of Squid. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2002-0163\nto this issue. Note that Red Hat Linux 7.3 is not vulnerable to this issue.\n\nSeveral buffer overflows have been found in the MSNT auth helper\n(msnt_auth) when configured to use denyusers or allowusers access control\nfiles.\n\nSeveral buffer overflows were found in the gopher client of Squid. It\ncould be possible for a malicious gopher server to cause Squid to crash.\n\nA problem was found in the handling of the FTP data channel, possibly\nallowing abuse of the FTP proxy to bypass firewall rules or inject false\nFTP replies.\n\nSeveral possible buffer overflows were found in the code parsing FTP\ndirectories, potentially allowing an untrusted FTP server to crash Squid.\n\nThanks go to Olaf Kirch and the Squid team for notifying us of the\nproblems, and to the Squid team for providing patches.\n\nNote that Carp support has been disabled in this errata. If you need Carp\nsupport, you can reconfigure it with --enable-carp and rebuild the packages.\n\nAll users of Squid are advised to upgrade to these errata packages which\ncontain patches to correct each of these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:051",
"url": "https://access.redhat.com/errata/RHSA-2002:051"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_051.json"
}
],
"title": "Red Hat Security Advisory: : : : New Squid packages available",
"tracking": {
"current_release_date": "2025-11-21T17:24:46+00:00",
"generator": {
"date": "2025-11-21T17:24:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2002:051",
"initial_release_date": "2002-07-04T02:44:00+00:00",
"revision_history": [
{
"date": "2002-07-04T02:44:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-03-22T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0163",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616746"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0163"
},
{
"category": "external",
"summary": "RHBZ#1616746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0163",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0163"
}
],
"release_date": "2002-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0713",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616800"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0713"
},
{
"category": "external",
"summary": "RHBZ#1616800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0713",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0714",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616801"
}
],
"notes": [
{
"category": "description",
"text": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0714"
},
{
"category": "external",
"summary": "RHBZ#1616801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0715",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616802"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0715"
},
{
"category": "external",
"summary": "RHBZ#1616802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:130
Vulnerability from csaf_redhat - Published: 2002-07-12 22:58 - Updated: 2025-11-21 17:24Summary
Red Hat Security Advisory: squid security update
Severity
Important
Notes
Topic: New Squid packages are available which fix various issues.
Details: Squid is a high-performance proxy caching server. The following summary
describes the various issues found and fixed:
Several buffer overflows have been found in the MSTN auth helper
(msnt_auth) when configured to use denyusers or allowusers access control
files.
Several buffer overflows were found in the gopher client of Squid. It
could be possible for a malicious gopher server to cause Squid to crash.
A problem was found in the handling of the FTP data channel, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.
Several possible buffer overflows were found in the code parsing FTP
directories, which potentially allow for an untrusted FTP server to crash
Squid.
Thanks go to Olaf Kirch and the Squid team for notifying us of the
problems and to the Squid team for providing patches.
All users of Squid are advised to upgrade to these errata packages which
contain patches to correct each of these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Squid packages are available which fix various issues.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server. The following summary\ndescribes the various issues found and fixed:\n\nSeveral buffer overflows have been found in the MSTN auth helper\n(msnt_auth) when configured to use denyusers or allowusers access control\nfiles.\n\nSeveral buffer overflows were found in the gopher client of Squid. It\ncould be possible for a malicious gopher server to cause Squid to crash.\n\nA problem was found in the handling of the FTP data channel, possibly\nallowing abuse of the FTP proxy to bypass firewall rules or inject false\nFTP replies.\n\nSeveral possible buffer overflows were found in the code parsing FTP\ndirectories, which potentially allow for an untrusted FTP server to crash\nSquid.\n\nThanks go to Olaf Kirch and the Squid team for notifying us of the\nproblems and to the Squid team for providing patches.\n\nAll users of Squid are advised to upgrade to these errata packages which\ncontain patches to correct each of these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:130",
"url": "https://access.redhat.com/errata/RHSA-2002:130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_130.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2025-11-21T17:24:52+00:00",
"generator": {
"date": "2025-11-21T17:24:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2002:130",
"initial_release_date": "2002-07-12T22:58:00+00:00",
"revision_history": [
{
"date": "2002-07-12T22:58:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-06-26T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0713",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616800"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0713"
},
{
"category": "external",
"summary": "RHBZ#1616800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0713",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0714",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616801"
}
],
"notes": [
{
"category": "description",
"text": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0714"
},
{
"category": "external",
"summary": "RHBZ#1616801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0715",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616802"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0715"
},
{
"category": "external",
"summary": "RHBZ#1616802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002_051
Vulnerability from csaf_redhat - Published: 2002-07-04 02:44 - Updated: 2024-11-21 22:19Summary
Red Hat Security Advisory: : : : New Squid packages available
Severity
Important
Notes
Topic: New Squid packages are available which fix various security issues.
[Updated 16 April 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.
Details: Squid is a high-performance proxy caching server. The following summary
describes the various issues found and their resolutions.
A problem was found in the code used by Squid to handle compressed DNS
replies where a malicious DNS server could cause Squid to crash. This bug
is fixed in the 2.4.STABLE6 release of Squid. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0163
to this issue. Note that Red Hat Linux 7.3 is not vulnerable to this issue.
Several buffer overflows have been found in the MSNT auth helper
(msnt_auth) when configured to use denyusers or allowusers access control
files.
Several buffer overflows were found in the gopher client of Squid. It
could be possible for a malicious gopher server to cause Squid to crash.
A problem was found in the handling of the FTP data channel, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.
Several possible buffer overflows were found in the code parsing FTP
directories, potentially allowing an untrusted FTP server to crash Squid.
Thanks go to Olaf Kirch and the Squid team for notifying us of the
problems, and to the Squid team for providing patches.
Note that Carp support has been disabled in this errata. If you need Carp
support, you can reconfigure it with --enable-carp and rebuild the packages.
All users of Squid are advised to upgrade to these errata packages which
contain patches to correct each of these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Linux 6.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:6.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.0
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.0
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.1
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.1
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.2
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.2
|
— |
Vendor Fix
fix
|
|
Red Hat Linux 7.3
Red Hat / Red Hat Linux
|
cpe:/o:redhat:linux:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Squid packages are available which fix various security issues.\n\n[Updated 16 April 2003]\nAdded packages for Red Hat Linux on IBM iSeries and pSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server. The following summary\ndescribes the various issues found and their resolutions.\n\nA problem was found in the code used by Squid to handle compressed DNS\nreplies where a malicious DNS server could cause Squid to crash. This bug\nis fixed in the 2.4.STABLE6 release of Squid. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2002-0163\nto this issue. Note that Red Hat Linux 7.3 is not vulnerable to this issue.\n\nSeveral buffer overflows have been found in the MSNT auth helper\n(msnt_auth) when configured to use denyusers or allowusers access control\nfiles.\n\nSeveral buffer overflows were found in the gopher client of Squid. It\ncould be possible for a malicious gopher server to cause Squid to crash.\n\nA problem was found in the handling of the FTP data channel, possibly\nallowing abuse of the FTP proxy to bypass firewall rules or inject false\nFTP replies.\n\nSeveral possible buffer overflows were found in the code parsing FTP\ndirectories, potentially allowing an untrusted FTP server to crash Squid.\n\nThanks go to Olaf Kirch and the Squid team for notifying us of the\nproblems, and to the Squid team for providing patches.\n\nNote that Carp support has been disabled in this errata. If you need Carp\nsupport, you can reconfigure it with --enable-carp and rebuild the packages.\n\nAll users of Squid are advised to upgrade to these errata packages which\ncontain patches to correct each of these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:051",
"url": "https://access.redhat.com/errata/RHSA-2002:051"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_051.json"
}
],
"title": "Red Hat Security Advisory: : : : New Squid packages available",
"tracking": {
"current_release_date": "2024-11-21T22:19:44+00:00",
"generator": {
"date": "2024-11-21T22:19:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:051",
"initial_release_date": "2002-07-04T02:44:00+00:00",
"revision_history": [
{
"date": "2002-07-04T02:44:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-03-22T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:19:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0163",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616746"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0163"
},
{
"category": "external",
"summary": "RHBZ#1616746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0163",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0163"
}
],
"release_date": "2002-03-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0713",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616800"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0713"
},
{
"category": "external",
"summary": "RHBZ#1616800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0713",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0714",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616801"
}
],
"notes": [
{
"category": "description",
"text": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0714"
},
{
"category": "external",
"summary": "RHBZ#1616801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0715",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616802"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0715"
},
{
"category": "external",
"summary": "RHBZ#1616802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-04T02:44:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:051"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002_130
Vulnerability from csaf_redhat - Published: 2002-07-12 22:58 - Updated: 2024-11-21 22:19Summary
Red Hat Security Advisory: squid security update
Severity
Important
Notes
Topic: New Squid packages are available which fix various issues.
Details: Squid is a high-performance proxy caching server. The following summary
describes the various issues found and fixed:
Several buffer overflows have been found in the MSTN auth helper
(msnt_auth) when configured to use denyusers or allowusers access control
files.
Several buffer overflows were found in the gopher client of Squid. It
could be possible for a malicious gopher server to cause Squid to crash.
A problem was found in the handling of the FTP data channel, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.
Several possible buffer overflows were found in the code parsing FTP
directories, which potentially allow for an untrusted FTP server to crash
Squid.
Thanks go to Olaf Kirch and the Squid team for notifying us of the
problems and to the Squid team for providing patches.
All users of Squid are advised to upgrade to these errata packages which
contain patches to correct each of these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Advanced Server
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Squid packages are available which fix various issues.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server. The following summary\ndescribes the various issues found and fixed:\n\nSeveral buffer overflows have been found in the MSTN auth helper\n(msnt_auth) when configured to use denyusers or allowusers access control\nfiles.\n\nSeveral buffer overflows were found in the gopher client of Squid. It\ncould be possible for a malicious gopher server to cause Squid to crash.\n\nA problem was found in the handling of the FTP data channel, possibly\nallowing abuse of the FTP proxy to bypass firewall rules or inject false\nFTP replies.\n\nSeveral possible buffer overflows were found in the code parsing FTP\ndirectories, which potentially allow for an untrusted FTP server to crash\nSquid.\n\nThanks go to Olaf Kirch and the Squid team for notifying us of the\nproblems and to the Squid team for providing patches.\n\nAll users of Squid are advised to upgrade to these errata packages which\ncontain patches to correct each of these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:130",
"url": "https://access.redhat.com/errata/RHSA-2002:130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_130.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2024-11-21T22:19:48+00:00",
"generator": {
"date": "2024-11-21T22:19:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:130",
"initial_release_date": "2002-07-12T22:58:00+00:00",
"revision_history": [
{
"date": "2002-07-12T22:58:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-06-26T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:19:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0713",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616800"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0713"
},
{
"category": "external",
"summary": "RHBZ#1616800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0713",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0713"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0714",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616801"
}
],
"notes": [
{
"category": "description",
"text": "FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0714"
},
{
"category": "external",
"summary": "RHBZ#1616801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0714"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0715",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616802"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user\u0027s proxy login and password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0715"
},
{
"category": "external",
"summary": "RHBZ#1616802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0715"
}
],
"release_date": "2002-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-12T22:58:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:130"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…