squid_ldap_auth in Squid 2.5 and previous versions allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squid squid 2.1.patch2 |
||
squid squid 2.1.pre1 |
||
squid squid 2.2.pre2 |
||
squid squid 2.2.stable1 |
||
squid squid 2.3.stable2 |
||
squid squid 2.3.stable3 |
||
squid squid 2.4.stable6 |
||
squid squid 2.4.stable7 |
||
squid squid 2.0.patch2 |
||
squid squid 2.0.pre1 |
||
squid squid 2.1.release |
||
squid squid 2.2.devel3 |
||
squid squid 2.2.stable4 |
||
squid squid 2.2.stable5 |
||
squid squid 2.4.stable1 |
||
squid squid 2.4.stable2 |
||
squid squid 2.5.stable3 |
||
squid squid 2.5.stable4 |
||
squid squid 2.0.release |
||
squid squid 2.1.patch1 |
||
squid squid 2.2.devel4 |
||
squid squid 2.2.pre1 |
||
squid squid 2.3.devel2 |
||
squid squid 2.3.devel3 |
||
squid squid 2.3.stable1 |
||
squid squid 2.4.stable3 |
||
squid squid 2.4.stable4 |
||
squid squid 2.5.stable5 |
||
squid squid 2.5.stable6 |
||
squid squid 2.0.patch1 |
||
squid squid 2.1.pre3 |
||
squid squid 2.1.pre4 |
||
squid squid 2.2.stable2 |
||
squid squid 2.2.stable3 |
||
squid squid 2.3.stable4 |
||
squid squid 2.3.stable5 |
||
squid squid 2.5.stable1 |
||
squid squid 2.5.stable2 |