logo
DATABASE RESOURCES PRICING ABOUT US

Squid < 4.10 Multiple Vulnerabilities

Description

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.10. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect data management Squid is vulnerable to a information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528) - Due to incorrect input validation Squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. (CVE-2020-8449) - Due to incorrect buffer management a remote client can cause a buffer overflow in a Squid acting as reverse-proxy. (CVE-2020-8450) Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.


Related