Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-12524
HistoryApr 15, 2020 - 12:00 a.m.

CVE-2019-12524

2020-04-1500:00:00
ubuntu.com
ubuntu.com
23

0.011 Low

EPSS

Percentile

84.4%

An issue was discovered in Squid through 4.7. When handling requests from
users, Squid checks its rules to see if the request should be denied. Squid
by default comes with rules to block access to the Cache Manager, which
serves detailed server information meant for the maintainer. This rule is
implemented via url_regex. The handler for url_regex rules URL decodes an
incoming request. This allows an attacker to encode their URL to bypass the
url_regex check, and gain access to the blocked resource.

Notes

Author Note
mdeslaur fixed in Debian’s 3.5.23-5+deb9u2 same patch as CVE-2019-12520
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsquid3<Β 3.5.27-1ubuntu1.7UNKNOWN