CVE-2001-1030

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and httpd_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2001-07-18 12:00:00.000-04
Last Modified: 2017-10-09 09:29:58.000-04

Vulnerable Software List

Vendor | Product | Versions
Squid | Squid Web Proxy | 2.3stable3, 2.3stable4
Immunix | Immunix | 6.2, 7.0, 7.0 beta
Caldera | Openlinux Server | 3.1
Redhat | Linux | 7.0
Mandrakesoft | Mandrake Linux | 7.1, 7.2, 8.0
Mandrakesoft | Mandrake Linux Corporate Server | 1.0.1
Mandrakesoft | Mandrake Single Network Firewall | 7.2
Trustix | Secure Linux | 1.01, 1.2

References

Source | Link
BUGTRAQ | 20010719 TSLSA-2001-0013 - Squid
IMMUNIX | IMNX-2001-70-031-01
CALDERA | CSSA-2001-029.0
MANDRAKE | MDKSA-2001:066
REDHAT | RHSA-2001:097
BUGTRAQ | 20010718 Squid httpd acceleration acl bug enables portscanning
XF | squid-http-accelerator-portscanning(6862)