logo
DATABASE RESOURCES PRICING ABOUT US

Squid < 4.8 Multiple Vulnerabilities

Description

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.8. It is, therefore, affected by multiple vulnerabilities: - A denial of service exists due to incorrect buffer management when processing HTTP Basic Authentication and HTTP Digest Authentication credentials. (CVE-2019-12525 / CVE-2019-12529) - An access control bypass, a cache poisoning and a Cross-Site Scripting (XSS) exist due to incorrect URL handling when processing HTTP Request messages. (CVE-2019-12520 / CVE-2019-12524) - A heap overflow and a possible remote code execution exist due to incorrect buffer management when processing HTTP Authentication credentials. (CVE-2019-12527) - Multiple Cross-Site Scripting (XSS) exist in cachemgr.cgi tool due to incorrect input handling. (CVE-2019-12854 / CVE-2019-13345) Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.


Related