DescriptionThe "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:45:35 2013
CVE page last modified: Fri Oct 7 12:45:28 2022