Loading
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Use Squid vendor hub and Squid product page to widen CVE-2004-0189 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2005-1711, CVE-2005-1519 and CVE-2009-0478 for nearby disclosures in the same product family.