Vulnerability Details CVE-2001-1030
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
- http://www.redhat.com/support/errata/RHSA-2001-097.html
- http://www.securityfocus.com/archive/1/197727
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6862
- http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
- http://www.redhat.com/support/errata/RHSA-2001-097.html
- http://www.securityfocus.com/archive/1/197727
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6862
Products affected by CVE-2001-1030
-
cpe:2.3:a:caldera:openlinux_server:3.1
-
cpe:2.3:a:immunix:immunix:6.2
-
cpe:2.3:a:immunix:immunix:7.0
-
cpe:2.3:a:immunix:immunix:7.0_beta
-
cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2
-
cpe:2.3:a:squid:squid_web_proxy:2.3stable3
-
cpe:2.3:a:squid:squid_web_proxy:2.3stable4
-
cpe:2.3:o:mandrakesoft:mandrake_linux:7.1
-
cpe:2.3:o:mandrakesoft:mandrake_linux:7.2
-
cpe:2.3:o:mandrakesoft:mandrake_linux:8.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1
-
cpe:2.3:o:redhat:linux:7.0
-
cpe:2.3:o:trustix:secure_linux:1.01
-
cpe:2.3:o:trustix:secure_linux:1.1
-
cpe:2.3:o:trustix:secure_linux:1.2