FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- possible abuse of cachemgr.cgi

Affected packages
squid < 2.5.10

Details

VuXML ID a395397c-c7c8-11d9-9e1e-c296ac722cb3
Discovery 1999-07-29
Entry 2005-05-19

The squid patches page notes:

This patch adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file.

References

CVE Name CVE-1999-0710
URL http://www.squid-cache.org/bugs/show_bug.cgi?id=1094
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf