Showing 1 - 2 of 2

CVE-2019-18860

Status Candidate

Overview

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Red Hat Security Advisory 2020-4743-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.; tags | advisory, web, denial of service, overflow, vulnerability, csrf; systems | linux, redhat; advisories | CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450; MD5 | 9d6e01336e2e2755764b1fc2058759d5; Download | Favorite | View

Ubuntu Security Notice USN-4356-1: Posted May 13, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Various other issues were also addressed.; tags | advisory, remote, arbitrary, cgi; systems | linux, ubuntu; advisories | CVE-2019-12519, CVE-2019-18860, CVE-2020-11945; MD5 | 912e3785476f63f63c09c04aa1de6291; Download | Favorite | View

Page 1 of 1 Back 1 Next