Lucene search

K
redosRedosROS-20230112-01
HistoryJan 12, 2023 - 12:00 a.m.

ROS-20230112-01

2023-01-1200:00:00
redos.red-soft.ru
49

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs.
Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL manager protections
and gain access to cache manager information, which includes records about the internal structure of the network, client credentials, client identities, and cache manager information.
network, client credentials, client ID, and client traffic behavior

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64squid<= 5.5-2UNKNOWN

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

Related for ROS-20230112-01