Lucene search

K
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112695
HistoryFeb 10, 2021 - 12:00 a.m.

Squid < 4.8 Multiple Vulnerabilities

2021-02-1000:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.8. It is, therefore, affected by multiple vulnerabilities:

  • A denial of service exists due to incorrect buffer management when processing HTTP Basic Authentication and HTTP Digest Authentication credentials. (CVE-2019-12525 / CVE-2019-12529)

  • An access control bypass, a cache poisoning and a Cross-Site Scripting (XSS) exist due to incorrect URL handling when processing HTTP Request messages. (CVE-2019-12520 / CVE-2019-12524)

  • A heap overflow and a possible remote code execution exist due to incorrect buffer management when processing HTTP Authentication credentials. (CVE-2019-12527)

  • Multiple Cross-Site Scripting (XSS) exist in cachemgr.cgi tool due to incorrect input handling. (CVE-2019-12854 / CVE-2019-13345) Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
squid-cachesquid*cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*