20 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-18678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits...
Amazon Linux 2 : squid (ALAS-2023-2318)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2318 advisory. An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the...
Amazon Linux 2 : squid (ALASSQUID4-2023-007)
The version of squid installed on the remote host is prior to 4.10-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-007 advisory. An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTT...
SUSE CVE-2019-18678
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...
SUSE: Security Advisory (SUSE-SU-2020:14460-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0661-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:3067-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
ALSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
[SECURITY] [DSA 4682-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4682-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2020 https://www.debian.org/security/faq -...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1133)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1034)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Internet Bug Bounty: HTTP Smuggling multiple issues in Squid 3.x & squid 4.x
Hello, as can be seen on a recent public security update by Squid I reported several smuggling issues. If you want some background on impact of Smuggling issues You can check the current works of James Keetle or my own previous published works. https://www.youtube.com/watch?v=upEMlJeUIk HTTP Desy...
[SECURITY] [DLA 2028-1] squid3 security update
Package : squid3 Version : 3.4.8-6+deb8u9 CVE ID : CVE-2019-12526 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities. CVE-2019-12526 URN response handling in Squ...
Ubuntu: Security Advisory (USN-4213-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 31 : 7:squid (2019-9538783033)
New version update - squid 4.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
CVE-2019-18678
CVE-2019-18678 affects Squid 3.x and 4.x up to 4.8. It arises from a request header with whitespace between a header name and a colon, enabling an attacker to smuggle HTTP requests through frontend software to a Squid instance. The resulting Response messages corrupt caches between the client and...
Security update for squid (important)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2019:2541-1 Rating: important References: 1133089 1140738 1141329 1141330 1141332 1141442 1156323 1156324 1156326 1156328 1156329 Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527...