Bug 166523 - CAN-2004-2480 squid access control bypass
CAN-2004-2480 squid access control bypass
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: squid (Show other bugs)
4
All Linux
medium Severity low
: ---
: ---
Assigned To: Martin Stransky
impact=low,reported=20050821,public=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-22 16:23 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-29 06:00:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-08-22 16:23:33 EDT
+++ This bug was initially created as a clone of Bug #166522 +++

This issue was discovered by Nuno Costa:
http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html


hello

im not a expert in this area, but i work in a intranet that haves the
Squid/2.3.STABLE5 filtring all access's to the internet..

so i don't have access to the internet directaly, but i know that this proxy
allow access to especific web sites.. so, in the past if i us this:
http://urlwebsite_allowed.pt -> the vuln that is already discovered... i have
access to the website that i want...
but in this days, this vuln is now fixed so...
in my test's i found this way to pass this proxy, using:
http://website_allowed.ptmy_url -> now i have access...
using url.pt i can bypass the proxy and access the internet, i don't know how
faur, this could go!!
so i don't know if this is a bug from IE or just a simple bug from Squid.. ???
can anyone tell what we have in hands ?
Comment 1 Josh Bressers 2005-08-22 16:24:20 EDT
This issue should also affect FC3
Comment 2 Martin Stransky 2005-08-29 06:00:25 EDT
The original reporter hasn't replied and I can't reproduce it, so I'm closing it
as WORKSFORME. Please reopen if you find more info...

Note You need to log in before you can comment on or make changes to this bug.