Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0194
CVE-2005-0194
Description
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
Affected products
38cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*+ 37 more
- cpe:2.3:a:squid:squid:2.0.patch1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.patch2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.0.release:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.patch1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.patch2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.pre4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.1.release:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.devel3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.devel4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.pre1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.pre2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.2.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.devel2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.devel3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.3.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable6:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.4.stable7:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable1:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable2:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable3:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable4:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable5:*:*:*:*:*:*:*
- cpe:2.3:a:squid:squid:2.5.stable6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- distro.conectiva.com.br/atualizacoes/nvdPatch
- www.debian.org/security/2005/dsa-667nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/260421nvdPatchThird Party AdvisoryUS Government Resource
- www.squid-cache.org/Versions/v2/2.5/bugs/nvdPatch
- www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patchnvdPatch
- www.squid-cache.org/bugs/show_bug.cginvdVendor Advisory
- fedoranews.org/updates/FEDORA--.shtmlnvd
- marc.infonvd
News mentions
0No linked articles in our index yet.