CVE-2005-0194

Description

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

How to fix CVE-2005-0194

To remediate CVE-2005-0194, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 2.5.7-7 or later

Is CVE-2005-0194 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.5.7-7

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-0194