196 matches found
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)
Summary: There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details: CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when mod_session is configured with SessionEnv...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
This update for squid fixes the following issues: CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). CVE-2019-12523, CVE-2019-18676: Fixed multiple improper validations in URI...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1133)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4213-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4213-1 advisory. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use thi...
USN-4213-1: Squid vulnerabilities
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...
CVE-2019-18679
The CVE-2019-18679 issue affects Squid 2.x–4.x (through 4.8) and arises from incorrect data management during HTTP Digest Authentication, where nonce tokens contain the raw pointer byte value from heap memory. This information disclosure reduces ASLR effectiveness and could assist attackers targe...
openSUSE: Security Advisory for squid (openSUSE-SU-2019:2540-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for squid (important)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2019:2541-1 Rating: important References: 1133089 1140738 1141329 1141330 1141332 1141442 1156323 1156324 1156326 1156328 1156329 Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527...
FreeBSD : squid -- Vulnerable to HTTP Digest Authentication (620685d6-0aa3-11ea-9673-4c72b94353b5)
Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to an information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...
CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
CVE-2016-2161
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...
Squid Security Update Advisory SQUID-2018:3
Squid is prone to a denial of service vulnerability due to incorrect buffer management when processing HTTP Digest Authentication credentials. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Security fix for the ALT Linux 9 package squid version 4.8-alt1
4.8-alt1 built July 16, 2019 Alexey Shabalin in task 234609 --- July 15, 2019 Alexey Shabalin - Updated to 4.8 - Fixes: + CVE-2019-12854 Denial of Service issue in cachemgr.cgi + CVE-2019-12529 Denial of Service in HTTP Basic Authentication + CVE-2019-12525 Denial of Service in HTTP Digest...
Privilege Escalation
Apache HTTP Server is vulnerable to privilege escalation. This is because, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. An attacker could replay the HTTP requests across servers without...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote attacker can exploit a flaw in the mod_auth_digest module of httpd, which does not properly check for memory allocation failures, causing httpd child processes to repeatedly crash if the server used HTTP digest authentication...