CVE-2019-18860

Related Files

Red Hat Security Advisory 2020-4743-01

Posted Nov 4, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, csrf

systems | linux, redhat

advisories | CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450

SHA-256 | 6a36bcffb87c3fe39872c03d6a9977d9fae1e90b42488ae64fd7e983caa0c436

Download | Favorite | View

Ubuntu Security Notice USN-4356-1

Posted May 13, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, cgi

systems | linux, ubuntu

advisories | CVE-2019-12519, CVE-2019-18860, CVE-2020-11945

SHA-256 | 960fef25aa8c71a4e17e850351da212e243879b78cfe6f657b38729f18431115

Download | Favorite | View