Lucene search
Veracode Vulnerability DatabaseVERACODE:27193HistorySep 21, 2020 - 6:40 a.m.
HTTP Request Injection
2020-09-2106:40:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
EPSS
0.013
Percentile
86.2%
squid3 is vulnerable to HTTP Request Injection. The vulnerability exists through special characters in the decoded UserInfo, which is prepended in the absolute URLs, when it checks its cache to see if it can serve up a response on request by making a MD5 hash of the absolute URL of the request.
References
www.squid-cache.org/Versions/v4/
www.squid-cache.org/Versions/v4/changesets/
github.com/squid-cache/squid/commits/v4
gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt
lists.debian.org/debian-lts-announce/2020/07/msg00009.html
security.netapp.com/advisory/ntap-20210205-0006/
usn.ubuntu.com/4446-1/
www.debian.org/security/2020/dsa-4682
Related
redhatcve
redhatcve
CVE-2019-12520
2020-04-24 08:33:39
cve
cve
CVE-2019-12520
2020-04-15 20:15:13
prion
prion
Cross site request forgery (csrf)
2020-04-15 20:15:00
cvelist
cvelist
CVE-2019-12520
2020-04-15 19:14:25
nvd
nvd
CVE-2019-12520
2020-04-15 20:15:13
debiancve
debiancve
CVE-2019-12520
2020-04-15 20:15:13
osv
osv
CVE-2019-12520
2020-04-15 20:15:13
squid - security update
2020-05-08 00:00:00
Moderate: squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
ubuntucve
ubuntucve
CVE-2019-12520
2020-04-15 00:00:00
CVE-2019-12524
2020-04-15 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : squid (EulerOS-SA-2022-1766)
2022-05-26 00:00:00
EulerOS 2.0 SP2 : squid (EulerOS-SA-2020-2399)
2020-11-03 00:00:00
EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1884)
2020-08-28 00:00:00
openvas
openvas
Squid 3.5.18 - 3.5.28 / 4.0.10 - 4.7 Multiple Vulnerabilities (SQUID-2019:4)
2020-04-24 00:00:00
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2022-1766)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2399)
2020-11-04 00:00:00
hackerone
hackerone
Internet Bug Bounty: Cache Poisoning
2020-03-19 16:44:08
oraclelinux
oraclelinux
squid security update
2022-10-03 00:00:00
squid:4 security, bug fix, and enhancement update
2020-11-10 00:00:00
ubuntu
ubuntu
Squid regression
2020-08-27 00:00:00
Squid vulnerabilities
2020-08-03 00:00:00
debian
debian
[SECURITY] [DSA 4682-1] squid security update
2020-05-08 19:10:03
[SECURITY] [DLA 2278-1] squid3 security update
2020-07-10 21:55:24
rocky
rocky
squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
redhat
redhat
(RHSA-2020:4743) Moderate: squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
almalinux
almalinux
Moderate: squid:4 security, bug fix, and enhancement update
2020-11-03 12:32:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1976
2021-07-02 18:10:45