Bypassing Access Control Lists in Squid HTTP Accelerator Mode

Bypassing Access Control Lists in Squid HTTP Accelerator Mode

CVE-2001-1030 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Learn more about our Web Application Penetration Testing UK.