DansGuardian Hex编码URL内容过滤规则可绕过漏洞发布时间:2002-07-26 更新时间:2002-07-26 严重程度:中 威胁程度:其它 错误类型:输入验证错误 利用方式:服务器模式 BUGTRAQ ID:5291 受影响系统 Daniel Barron DansGuardian 2 2.2.4详细描述 DansGuardian是基于SQUID HTTP代理服务器的WEB内容过滤器,可在多种系统平台上使用。 DansGuardian当处理包含HEX编码字符的URL时存在问题,使恶意用户可以绕过某些过滤规则而访问网站保护内容。 测试代码 无 解决方案 升级程序: Daniel Barron DansGuardian 2 2.2.4: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.5: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.6: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.7 -1: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.7: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.8: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.9 -1: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.9: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz Daniel Barron DansGuardian 2 2.2.10: Daniel Barron Upgrade DansGuardian-2.4.5-1.source.tar.gz http://mirror.dansguardian.org/downloads/2/Stable/DansGuardian-2.4.5-1.source.tar.gz 相关信息 DansGuardian changelog. 参考:http://dansguardian.org/ |
