CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...

Mandriva Linux Security Advisory : squid (MDVSA-2013:129)

Updated squid packages fix security vulnerability : Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests CVE-2012-5643. It was discovered that the patch for CVE-2012-564...

CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service resource consumption via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or...

Squid cachemgr.cgi Proxied Port Scanning

RedHat Linux 6.0 installs by default a squid cache manager cgi script with no restricted access permissions. This script could be used to perform a port scan from the cgi-host machine. %NASLMINLEVEL 70300 This script was written by Alexis de Bernis See the Nessus Scripts License for details...