CVE-2019-12524

Related Files

Red Hat Security Advisory 2020-4743-01

Posted Nov 4, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, csrf

systems | linux, redhat

advisories | CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450

SHA-256 | 6a36bcffb87c3fe39872c03d6a9977d9fae1e90b42488ae64fd7e983caa0c436

Download | Favorite | View

Ubuntu Security Notice USN-4446-2

Posted Aug 27, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol

systems | linux, ubuntu

advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676

SHA-256 | be7270eca51d9106f34f71c4e2558648d8f85a5fc7f6800b486c696796ffa772

Download | Favorite | View

Ubuntu Security Notice USN-4446-1

Posted Aug 3, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-1 - Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Various other issues were also addressed.

tags | advisory, remote

systems | linux, ubuntu

advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676

SHA-256 | 453c45e1e977706dd9df86e6b0e233df4034586c410db15835f1d98ec2f927b9

Download | Favorite | View

Debian Security Advisory 4682-1

Posted May 28, 2020

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4682-1 - Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary, info disclosure

systems | linux, debian

advisories | CVE-2019-12519, CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2020-11945, CVE-2020-8449, CVE-2020-8450

SHA-256 | 87ca95b4ae1d88238583d52bb863f0a6581ef8c84693704ff5fc9f5b91f4325a

Download | Favorite | View