CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2019-12520 – squid: Improper input validation in request allows for proxy manipulation
https://notcve.org/view.php?id=CVE-2019-12520
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. • http://www.squid-cache.org/Versions/v4 http://www.squid-cache.org/Versions/v4/changesets https://github.com/squid-cache/squid/commits/v4 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4446-1 https://www.debian.org/security/2020/dsa-4682 https://access.redhat.com/security/cve/CVE-20 • CWE-20: Improper Input Validation •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12522
https://notcve.org/view.php?id=CVE-2019-12522
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. Se detectó un problema en Squid versiones hasta 4.7. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt https://security.netapp.com/advisory/ntap-20210205-0006 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 4%CPEs: 10EXPL: 0CVE-2019-12521 – squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
https://notcve.org/view.php?id=CVE-2019-12521
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.openwall.com/lists/oss-security/2020/04/23/1 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.gentoo.org/glsa/202005-05 https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4682 https://a • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2019-12524 – squid: Improper access restriction in url_regex may lead to security bypass
https://notcve.org/view.php?id=CVE-2019-12524
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4446-1 https://www.debian.org/security/2020/dsa-4682 https://access.redhat.com/security/cve/CVE-2019-12524 https://bugzilla.redhat.com/show_bug.cgi?id=1827570 • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18860 – squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour
https://notcve.org/view.php?id=CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. Squid versiones anteriores a 4.9, cuando determinados navegadores web son usados, maneja inapropiadamente HTML en el parámetro host (también se conoce como hostname) en el archivo cachemgr.cgi. A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html https://github.com/squid-cache/squid/pull/504 https://github.com/squid-cache/squid/pull/505 https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4732 https://access.redhat.com/security/cve/CVE-2019-18860 https://bugzilla.redhat.com/show_bug.cgi?id=1817121 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •