The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://www.squid-cache.org/Advisories/SQUID-2004_1.txt http://www.vuxml.org/freebsd/705e003a-7f36-11d8-9645-0020ed76ef5a.html

The following package is affected: squid CVE-2004-0189 The '%xx' URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ('%00') characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.