CVE-2005-0173

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0173
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squid / squid	2.3.stable3	2.3.stable3.x
squid / squid	2.2.stable2	2.2.stable2.x
squid / squid	2.2.stable3	2.2.stable3.x
squid / squid	2.0.patch2	2.0.patch2.x
squid / squid	2.1.patch2	2.1.patch2.x
squid / squid	2.5.stable5	2.5.stable5.x
squid / squid	2.2.stable4	2.2.stable4.x
squid / squid	2.0.patch1	2.0.patch1.x
squid / squid	2.1.patch1	2.1.patch1.x
squid / squid	2.3.devel3	2.3.devel3.x
squid / squid	2.5.stable3	2.5.stable3.x
squid / squid	2.4.stable4	2.4.stable4.x
squid / squid	2.1.release	2.1.release.x
squid / squid	2.5.stable1	2.5.stable1.x
squid / squid	2.0.release	2.0.release.x
squid / squid	2.1.pre4	2.1.pre4.x
squid / squid	2.1.pre3	2.1.pre3.x
squid / squid	2.3.stable1	2.3.stable1.x
squid / squid	2.4.stable7	2.4.stable7.x
squid / squid	2.2.devel4	2.2.devel4.x
squid / squid	2.5.stable6	2.5.stable6.x
squid / squid	2.3.stable2	2.3.stable2.x
squid / squid	2.4.stable1	2.4.stable1.x
squid / squid	2.2.stable1	2.2.stable1.x
squid / squid	2.5.stable4	2.5.stable4.x
squid / squid	2.5.stable2	2.5.stable2.x
squid / squid	2.3.stable4	2.3.stable4.x
squid / squid	2.1.pre1	2.1.pre1.x
squid / squid	2.4.stable2	2.4.stable2.x
squid / squid	2.2.pre1	2.2.pre1.x
squid / squid	2.2.devel3	2.2.devel3.x
squid / squid	2.4.stable3	2.4.stable3.x
squid / squid	2.3.stable5	2.3.stable5.x
squid / squid	2.2.stable5	2.2.stable5.x
squid / squid	2.2.pre2	2.2.pre2.x
squid / squid	2.0.pre1	2.0.pre1.x
squid / squid	2.4.stable6	2.4.stable6.x
squid / squid	2.3.devel2	2.3.devel2.x

Vulnerability Database

289,599

CVE-2005-0173