CVE-2004-2480

Squid Web Proxy Cache 2.3.STABLE5 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2480. PoCs published by Nuno Costa.

AI-analyzed exploit summary The exploit describes an access control bypass vulnerability in Squid proxy (version 2.3.STABLE5) where malformed URIs can bypass restrictions, allowing users to access restricted internet resources. The provided example URI demonstrates the bypass technique.

Description

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nuno Costa · textremotelinux
https://www.exploit-db.com/exploits/24105

The exploit describes an access control bypass vulnerability in Squid proxy (version 2.3.STABLE5) where malformed URIs can bypass restrictions, allowing users to access restricted internet resources. The provided example URI demonstrates the bypass technique.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Squid proxy 2.3.STABLE5
No auth needed
Prerequisites: Access to a restricted Squid proxy instance
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10315
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16153
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html

Scores

EPSS 0.0303
EPSS Percentile 85.9%

Details

Status published
Products (1)
national_science_foundation/squid_web_proxy_cache 2.3_stable5
Published Dec 31, 2004
Tracked Since Feb 18, 2026