VYPR
Unrated severityNVD Advisory· Published Mar 15, 2004· Updated Jun 16, 2026

CVE-2004-0189

CVE-2004-0189

Description

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • Squid Cache/Squid7 versions
    cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:squid:squid:2.0_patch2:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.1_patch2:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.3_stable5:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.4_stable7:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.5_stable3:*:*:*:*:*:*:*
    • cpe:2.3:a:squid:squid:2.5_stable4:*:*:*:*:*:*:*
  • Squidex/Squidexllm-fuzzy
    Range: <=2.5STABLE4

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.