CVE-1999-1481

Squid <= 2.2.STABLE5 - Authentication Bypass via Newline in User/Password Pair

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1481. PoCs published by Oezguer Kesim.

AI-analyzed exploit summary This is a detailed writeup describing an authentication bypass vulnerability in Squid Web Proxy Cache versions 2.2-STABLE5 and below. The exploit leverages improper handling of newlines in base64-encoded credentials to shift authentication responses, allowing unauthorized access.

Description

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Oezguer Kesim · textremotelinux
https://www.exploit-db.com/exploits/19567

This is a detailed writeup describing an authentication bypass vulnerability in Squid Web Proxy Cache versions 2.2-STABLE5 and below. The exploit leverages improper handling of newlines in base64-encoded credentials to shift authentication responses, allowing unauthorized access.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Squid Web Proxy Cache <= 2.2-STABLE5
No auth needed
Prerequisites: External authentication enabled · Access to the proxy server · Base64 encoding tool
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3433
Patch, Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Versions/v2/2.2/bugs/
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/741
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/33295

Scores

EPSS 0.0357
EPSS Percentile 88.0%

Details

Status published
Products (5)
national_science_foundation/squid_web_proxy 1.0
national_science_foundation/squid_web_proxy 1.0novm
national_science_foundation/squid_web_proxy 1.1
national_science_foundation/squid_web_proxy 2.1
national_science_foundation/squid_web_proxy 2.2
Published Dec 31, 1999
Tracked Since Feb 18, 2026