squidGuard Advisory: SG-2007-04-15
Two bypass vulnerabilities fixed|
Date: 15 April 2007
Affected versions: < 1.2.1
Corrected in version 1.2.1
- Multiple slash bypass vulnerability
By supplying multiple slashes in an URL it is possible to bypass
the filter and access blocked sites.
Special thanks to Alberto Colosi for reporting this
error and Mark Clayton (mark_clayton (at) users.sourceforge.net) for fixing it.
- Encoding bypass vulnerability
A bug has been found and fixed in the URL decoding method. By
substituting one or more parts of an URL with ascii code the filter
could be bypassed.
Corrected version available at: