CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
95.7%
Jeriko One discovered that Squid incorrectly handled certain Edge Side
Includes (ESI) responses. A malicious remote server could cause Squid to
crash, possibly poison the cache, or possibly execute arbitrary code.
(CVE-2019-12519, CVE-2019-12521)
It was discovered that Squid incorrectly handled the hostname parameter to
cachemgr.cgi when certain browsers are used. A remote attacker could
possibly use this issue to inject HTML or invalid characters in the
hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 19.10. (CVE-2019-18860)
ClΓ©ment Berthaux and Florian Guilbert discovered that Squid incorrectly
handled Digest Authentication nonce values. A remote attacker could
use this issue to replay nonce values, or possibly execute arbitrary code.
(CVE-2020-11945)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | squid | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-cgi | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-cgi-dbgsym | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-common | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-dbgsym | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-purge | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squid-purge-dbgsym | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squidclient | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | squidclient-dbgsym | <Β 4.10-1ubuntu1.1 | UNKNOWN |
Ubuntu | 19.10 | noarch | squid | <Β 4.8-1ubuntu2.3 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
95.7%