Lucene search

K
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112693
HistoryFeb 10, 2021 - 12:00 a.m.

Squid < 4.10 Multiple Vulnerabilities

2021-02-1000:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
35

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.10. It is, therefore, affected by multiple vulnerabilities:

  • Due to incorrect data management Squid is vulnerable to a information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528)

  • Due to incorrect input validation Squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. (CVE-2020-8449)

  • Due to incorrect buffer management a remote client can cause a buffer overflow in a Squid acting as reverse-proxy. (CVE-2020-8450) Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
squid-cachesquid*cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*