4 matches found

CVE
added 2020/04/15 7:15 p.m., 815 views

CVE-2019-12522

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child proces...

CVSS 4.5, AI score 4.9, EPSS 0.00275

CVE
added 2020/04/15 7:15 p.m., 348 views

CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...

CVSS 5.9, AI score 7.5, EPSS 0.01004

CVE
added 2020/04/15 7:15 p.m., 274 views

CVE-2019-12524

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is imp...

CVSS 9.8, AI score 9.2, EPSS 0.00861

CVE
added 2020/04/15 8:15 p.m., 188 views

CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (usern...

CVSS 7.5, AI score 8.3, EPSS 0.03413