CVE-2001-1030

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Published: Jul 18, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1030
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squid / squid_web_proxy	2.3stable3	2.3stable3.x
immunix / immunix	7.0	7.0.x
immunix / immunix	6.2	6.2.x
immunix / immunix	7.0_beta	7.0_beta.x
squid / squid_web_proxy	2.3stable4	2.3stable4.x
mandrakesoft / mandrake_single_network_firewall	7.2	7.2.x
caldera / openlinux_server	3.1	3.1.x
mandrakesoft / mandrake_linux	7.2	7.2.x
trustix / secure_linux	1.1	1.1.x
redhat / linux	7.0	7.0.x
trustix / secure_linux	1.01	1.01.x
mandrakesoft / mandrake_linux_corporate_server	1.0.1	1.0.1.x
mandrakesoft / mandrake_linux	7.1	7.1.x
trustix / secure_linux	1.2	1.2.x
mandrakesoft / mandrake_linux	8.0	8.0.x

Vulnerability Database

289,599

CVE-2001-1030