CVE-2005-0194

Published: May 2, 2005Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

Affected (38)

Products: Squid: Squid

Squid

1 product

Squid

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Squid Squid	Version 2.0.patch1
Squid Squid	Version 2.0.patch2
Squid Squid	Version 2.0.pre1
Squid Squid	Version 2.0.release
Squid Squid	Version 2.1.patch1
Squid Squid	Version 2.1.patch2
Squid Squid	Version 2.1.pre1
Squid Squid	Version 2.1.pre3
Squid Squid	Version 2.1.pre4
Squid Squid	Version 2.1.release
Squid Squid	Version 2.2.devel3
Squid Squid	Version 2.2.devel4
Squid Squid	Version 2.2.pre1
Squid Squid	Version 2.2.pre2
Squid Squid	Version 2.2.stable1
Squid Squid	Version 2.2.stable2
Squid Squid	Version 2.2.stable3
Squid Squid	Version 2.2.stable4
Squid Squid	Version 2.2.stable5
Squid Squid	Version 2.3.devel2
Squid Squid	Version 2.3.devel3
Squid Squid	Version 2.3.stable1
Squid Squid	Version 2.3.stable2
Squid Squid	Version 2.3.stable3
Squid Squid	Version 2.3.stable4
Squid Squid	Version 2.3.stable5
Squid Squid	Version 2.4.stable1
Squid Squid	Version 2.4.stable2
Squid Squid	Version 2.4.stable3
Squid Squid	Version 2.4.stable4
Squid Squid	Version 2.4.stable6
Squid Squid	Version 2.4.stable7
Squid Squid	Version 2.5.stable1
Squid Squid	Version 2.5.stable2
Squid Squid	Version 2.5.stable3
Squid Squid	Version 2.5.stable4
Squid Squid	Version 2.5.stable5
Squid Squid	Version 2.5.stable6