PT-2019-5332 · Squid+7 · Squid+8

Yadij · Published 2019-07-05 · Updated 2024-06-15 · CVE-2019-13345

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Squid versions prior to 4.7

Description

The issue is in the cachemgr.cgi utility of the Squid proxy server, which fails to take measures to protect the structure of the web pages it generates. A remote attacker can exploit this to perform cross-site scripting attacks through the user name or auth parameter.

Recommendations

For Squid versions prior to 4.7, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the user name and auth parameters in the cachemgr.cgi web module until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALSA-2019:3476
ALT-PU-2019-2264
ALT-PU-2019-2271
BDU:2020-02401
CESA-2019_3476
CESA-2020_1068
CVE-2019-13345
DLA-1847-1
DLA-2278-1
DSA-4507-1
MGASA-2019-0265
MGASA-2019-0266
OPENSUSE-SU-2019:1963-1
OPENSUSE-SU-2019:2540-1
OPENSUSE-SU-2019:2541-1
OPENSUSE-SU-2019_1963-1
OPENSUSE-SU-2019_2540-1
OPENSUSE-SU-2019_2541-1
OPENSUSE-SU-2024:11403-1
RHSA-2019:3476
RHSA-2019_3476
RHSA-2020:1068
RHSA-2020_1068
RLSA-2019:3476
SUSE-SU-2019:2089-1
SUSE-SU-2019:2089-2
SUSE-SU-2019:2092-1
SUSE-SU-2019:2975-1
SUSE-SU-2019:3067-1
SUSE-SU-2019_2092-1
SUSE-SU-2020:14460-1
USN-4059-1
USN-4059-2

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu