7.5

CVE-2002-0067

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Version <= 2.4_stable_2
RedhatLinux Version6.2 Editionalpha
RedhatLinux Version6.2 Editioni386
RedhatLinux Version6.2 Editionsparc
RedhatLinux Version7.0 Editionalpha
RedhatLinux Version7.0 Editioni386
RedhatLinux Version7.1 Editionalpha
RedhatLinux Version7.1 Editioni386
RedhatLinux Version7.1 Editionia64
RedhatLinux Version7.2 Editioni386
RedhatLinux Version7.2 Editionia64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.65% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
http://marc.info/?l=bugtraq&m=101431040422095&w=2
http://marc.info/?l=bugtraq&m=101443252627021&w=2
http://www.iss.net/security_center/static/8261.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
http://www.osvdb.org/5379
http://www.redhat.com/support/errata/RHSA-2002-029.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/4150
http://www.squid-cache.org/Versions/v2/2.4/bugs/
Patch