Vulnerability Details CVE-2004-2479
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/13408
- http://secunia.com/advisories/16977
- http://securitytracker.com/id?1012466
- http://www.osvdb.org/12282
- http://www.redhat.com/support/errata/RHSA-2005-766.html
- http://www.securityfocus.com/bid/11865
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1143
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9711
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/13408
- http://secunia.com/advisories/16977
- http://securitytracker.com/id?1012466
- http://www.osvdb.org/12282
- http://www.redhat.com/support/errata/RHSA-2005-766.html
- http://www.securityfocus.com/bid/11865
- http://www.squid-cache.org/bugs/show_bug.cgi?id=1143
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9711
Products affected by CVE-2004-2479
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable1
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable2
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable3
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable4
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable5
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable6
-
cpe:2.3:a:national_science_foundation:squid_web_proxy_cache:2.5_stable7