CVE-2004-2479

Description

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

How to fix CVE-2004-2479

To remediate CVE-2004-2479, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 2.5.8 or later

Is CVE-2004-2479 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.5.8

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-2479