Re: [squid-users] Squid ACL [url_regex] bypass vulnerability

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 15 Feb 2005 10:28:07 +0100 (CET)

On Tue, 15 Feb 2005, Yong Bong Fong wrote:

>> A bug in Squid allows users to bypass certain access controls by passing a
>> URL containing "%00" which exploits the Squid decoding function.

See http://www.squid-cache.org/Advisories/SQUID-2004_1.txt for details of
this old vulnerability.

> Does it mean that any url containing the symbol "%" will not work with
> url_regex?

url_regex normalizes the URL, if not it would be trivial to bypass by just
%nn encoding sensitive parts.

As a sideeffect matching % is not easy.

Regards
Henrik
Received on Tue Feb 15 2005 - 02:28:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST