Showing 1 - 5 of 5

CVE-2019-13345

Status Candidate

Overview

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

Red Hat Security Advisory 2020-1068-01: Posted Apr 1, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-1068-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include cross site scripting and denial of service vulnerabilities.; tags | advisory, web, denial of service, vulnerability, xss; systems | linux, redhat; advisories | CVE-2018-1000024, CVE-2018-1000027, CVE-2019-13345; SHA-256 | e491a1a292c8d9aa0c989b6e9a177155c755cf4c0c61cd16efdd623077aa2183; Download | Favorite | View

Red Hat Security Advisory 2019-3476-01: Posted Nov 6, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3476-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a cross site scripting vulnerability.; tags | advisory, web, xss; systems | linux, redhat; advisories | CVE-2019-13345; SHA-256 | d476cc6b3e4afe0a1fd193f68ad6e0e3ef33fcc193cbce8ae5a22787e9ba441a; Download | Favorite | View

Debian Security Advisory 4507-1: Posted Aug 26, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.; tags | advisory, remote, web, denial of service, arbitrary, cgi, vulnerability, xss; systems | linux, debian; advisories | CVE-2019-12525, CVE-2019-12527, CVE-2019-12529, CVE-2019-12854, CVE-2019-13345; SHA-256 | 102dff8cdfc700c7a5976e0e1116143994d1ce59068df780c80abd9cf39dc312; Download | Favorite | View

Ubuntu Security Notice USN-4059-2: Posted Jul 17, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4059-2 - USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, remote, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2018-1000024, CVE-2018-1000027, CVE-2019-13345; SHA-256 | 72713635f73dbb5ee46e370a259adb5cd7db856b32b484218c1f0fcbe36e3a1c; Download | Favorite | View

Ubuntu Security Notice USN-4059-1: Posted Jul 16, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.; tags | advisory, remote, web, denial of service, cgi, xss; systems | linux, ubuntu; advisories | CVE-2018-19132, CVE-2019-13345; SHA-256 | c8c4c910610e5c8e2dd0704acd9d7a236239ea0494320f5de196638e2405ad2f; Download | Favorite | View

Page 1 of 1 Back 1 Next