FKIE_CVE-2005-1345

Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
References
secalert@redhat.comhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948
secalert@redhat.comhttp://fedoranews.org/updates/FEDORA--.shtml
secalert@redhat.comhttp://www.debian.org/security/2005/dsa-721
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-415.html
secalert@redhat.comhttp://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_errorPatch
secalert@redhat.comhttp://www.squid-cache.org/bugs/show_bug.cgi?id=1255
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA--.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-721
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-415.html
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_errorPatch
af854a3a-2127-422b-91ae-364da2661108http://www.squid-cache.org/bugs/show_bug.cgi?id=1255
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513
Impacted products
Vendor Product Version
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5.stable6
squid squid 2.5.stable7
squid squid 2.5.stable8
squid squid 2.5.stable9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7183658C-0CDE-40B1-B203-8C365193724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C73406-9582-40F7-AFD9-7E9D6D94DE39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDB690A-E0EF-4B11-83D7-B4A4C6B52DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3F889C-2A50-4B91-B74D-1D32A2CAFFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE944B8-B660-4FDB-A3F2-81F908329D88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*",
              "matchCriteriaId": "75436484-5FCD-45D3-9262-63301A2024B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D59FA7-FD38-406A-923F-68297CC4B767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3969B3-02F1-480A-8E72-CC50CD14B573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid:2.5.stable9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD64CE0-686A-44F2-B537-6D41E47A8BF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator."
    }
  ],
  "id": "CVE-2005-1345",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://fedoranews.org/updates/FEDORA--.shtml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2005/dsa-721"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA--.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-415.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.