CVE-2012-4667

Name of the Vulnerable Software and Affected Versions SquidClamav versions prior to 5.8

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to various CGI scripts. The vulnerable parameters include url, virus, source, and user. The affected scripts are located in the cgi-bin/ directory and include different language versions of clwarn.cgi.

Recommendations For SquidClamav versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the clwarn.cgi scripts and their language variants in the cgi-bin/ directory until the update is applied. Avoid using the vulnerable parameters url, virus, source, and user in the affected API endpoints until the issue is resolved.