99 matches found
PT-2025-50582
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 2.600. Description: The application does not properly handle arguments within the cachemgr.cgi script when the Squid module and its Cache Manager feature are enabled. This issue arises if an unauthorized user gains acces...
Oracle Linux 8 : squid:4 (ELSA-2019-3476)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3476 advisory. - The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter. (CVE-2019-13345) Note that Nessus has not tested for this issue but...
SUSE CVE-2016-5408
Stack-based buffer overflow in the mungeotherline function in cachemgr.cgi in the squid package before 3.1.23-16.el68.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for...
SUSE CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
SUSE CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host aka hostname parameter to cachemgr.cgi...
SUSE: Security Advisory (SUSE-SU-2019:2092-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:1803-1)
The remote host is missing an update for the...
Squid < 4.8 Multiple Vulnerabilities
According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.8. It is, therefore, affected by multiple vulnerabilities: - A denial of service exists due to incorrect buffer management when processing HTTP Basic Authentication and HTTP Digest...
CentOS 8 : squid:4 (CESA-2019:3476)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3476 advisory. - squid: XSS via username or auth parameter in cachemgr.cgi (CVE-2019-13345) Note that Nessus has not tested for this issue but has instead relied only on the...
squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour
A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi, which could result in squid behaving in an insecure way...
squid: Denial of service in cachemgr.cgi
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...
Open Redirection
Squid is vulnerable to Open Redirection. When certain web browsers are used, HTML in the hostname parameter to cachemgr.cgi is mishandled...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1803-1)
This update for squid fixes the following issues : CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake bsc1173304. CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi bsc1167373. Note that Tenable Network Security ha...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4356-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4356-1 advisory. Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1134-1)
This update for squid to version 4.11 fixes the following issues : CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication bsc1170313. CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote...
Scientific Linux Security Update : squid on SL7.x x86_64 (20200407)
squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service; squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service; squid: XSS via username or auth parameter in cachemgr.cgi...
CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...
squid security and bug fix update
7:3.5.20-15 - Resolves: 1690551 - Squid cachepeer DNS lookup failed when not all lower case - Resolves: 1680022 - squid can't display download/upload packet size for HTTPS sites - Resolves: 1717430 - Excessive memory usage when running out of descriptors - Resolves: 1676420 - Cache siblings return...
Cross-Site Scripting (XSS)
squid is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the username or auth parameter in cachemgr.cgi...
squid: XSS via user_name or auth parameter in cachemgr.cgi
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...