PT-2019-5185 · Squid+7 · Squid+8

Kristoffer Danielsson

Publicado

2019-11-14

Atualizado

2024-06-15

CVE-2019-18677

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Squid versions 3.x through 4.8

Description The issue arises when the append domain setting is used, due to improper interaction between appended characters and hostname length restrictions, leading to incorrect message processing. This can cause traffic to be inappropriately redirected to unintended origins. The vulnerability in the append domain parameter of the Squid proxy server is related to shortcomings in the mechanisms against cross-site forgery, allowing a remote attacker to access and compromise confidential data.

Recommendations For Squid versions 3.x through 4.8, consider disabling the append domain setting as a temporary workaround until a patch is available. Restrict access to the Squid proxy server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

ALSA-2020:4743

ALT-PU-2020-1479

ALT-PU-2020-1494

BDU:2020-01858

CESA-2020_4743

CVE-2019-18677

DLA-2028-1

DLA-2278-1

DSA-4682-1

MGASA-2019-0382

OPENSUSE-SU-2019:2540-1

OPENSUSE-SU-2019:2541-1

OPENSUSE-SU-2019_2540-1

OPENSUSE-SU-2019_2541-1

OPENSUSE-SU-2024:11403-1

RHSA-2020:4743

RHSA-2020_4743

RLSA-2020:4743

SUSE-SU-2019:2975-1

SUSE-SU-2019:3067-1

SUSE-SU-2020:0661-1

SUSE-SU-2020:14460-1

USN-4213-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Squid

Squid Cache

Suse

Ubuntu

PT-2019-5185 · Squid+7 · Squid+8

CVE-2019-18677

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 164