
Squid < 4.11 Multiple Vulnerabilities

Description

According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities:

- Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of service attacks when processing ESI responses. (CVE-2019-12519 / CVE-2019-12521)
- Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. (CVE-2020-11945)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
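Because the finding rests only on the self-reported version, the same range check can be reproduced when triaging hosts. The following is an added example, not the scanner's own code: the function names, the sample banners and the treatment of a packaging suffix as a possible backport are assumptions made for illustration.

```python
import re

# Fixed versions taken from the advisory text: 4.11 and 5.0.2.
FIXED_4 = (4, 11)
FIXED_5 = (5, 0, 2)

# Matches "squid/4.10" (Server/Via header) and "Squid Cache: Version 4.10" (squid -v).
# An optional packaging suffix such as "-1+deb10u2" is captured separately.
_VERSION_RE = re.compile(
    r"squid(?:/| Cache: Version )(\d+(?:\.\d+)*)([-+~][\w.+~-]*)?", re.IGNORECASE
)


def parse_squid_version(banner):
    """Return (version_tuple, suffix), or None when no Squid version is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) or ""


def classify(banner):
    """Return 'affected', 'not-affected', 'verify-manually' or 'unknown'."""
    parsed = parse_squid_version(banner)
    if parsed is None:
        return "unknown"  # version hidden, or the service is not Squid
    version, suffix = parsed
    if version[0] >= 5:
        in_range = version[0] == 5 and version < FIXED_5
    else:
        in_range = version < FIXED_4
    if not in_range:
        return "not-affected"
    # Assumption: a packaging suffix can mean the distributor backported the
    # fixes without changing the upstream version, so confirm in the changelog.
    return "verify-manually" if suffix else "affected"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for sample in ("Server: squid/4.10", "Squid Cache: Version 5.0.1",
                   "Via: 1.1 proxy01 (squid/5.0.2)", "squid/4.6-1+deb10u2"):
        print(f"{sample!r:40} -> {classify(sample)}")
```

An `unknown` result does not mean the host is patched, only that the version could not be read from the banner.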

