PT-2019-5332 · Squid+7 · Squid+8

Yadij · Published 2019-07-05 · Updated 2024-06-15 · CVE-2019-13345

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Squid versions prior to 4.7

Description: The issue is in the cachemgr.cgi utility of the Squid proxy server, which does not neutralize user-supplied input when generating web pages. A remote attacker can exploit this to perform cross-site scripting attacks through the user_name or auth parameter.

Recommendations: For Squid versions prior to 4.7, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the user_name and auth parameters in the cachemgr.cgi web module until a patch is available.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

ALSA-2019:3476
ALT-PU-2019-2264
ALT-PU-2019-2271
BDU:2020-02401
CESA-2019_3476
CESA-2020_1068
CVE-2019-13345
DLA-1847-1
DLA-2278-1
DSA-4507-1
MGASA-2019-0265
MGASA-2019-0266
OPENSUSE-SU-2019:1963-1
OPENSUSE-SU-2019:2540-1
OPENSUSE-SU-2019:2541-1
OPENSUSE-SU-2019_1963-1
OPENSUSE-SU-2019_2540-1
OPENSUSE-SU-2019_2541-1
OPENSUSE-SU-2024:11403-1
RHSA-2019:3476
RHSA-2019_3476
RHSA-2020:1068
RHSA-2020_1068
RLSA-2019:3476
SUSE-SU-2019:2089-1
SUSE-SU-2019:2089-2
SUSE-SU-2019:2092-1
SUSE-SU-2019:2975-1
SUSE-SU-2019:3067-1
SUSE-SU-2019_2092-1
SUSE-SU-2020:14460-1
USN-4059-1
USN-4059-2

Affected products

ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
Squid
Squid Cache
SUSE
Ubuntu