CVE-2019-12524
squid: Improper access restriction in url_regex may lead to security bypass
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
A flaw was found in squid. The Cache Manager for Squid has rules that, by default, block access to anyone other than the maintainer. An attacker, with the ability to send a properly crafted URL, can bypass the url_regex check and gain access to the blocked resource. The highest threat from this vulnerability is to data confidentiality.
SSVC
- Decision: -
Timeline
- 2019-06-02 CVE Reserved
- 2020-04-15 CVE Published
- 2024-02-18 EPSS Updated
- 2024-08-04 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-20: Improper Input Validation
- CWE-306: Missing Authentication for Critical Function
References (7)

URL | Tag | Source
---|---|---
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | Mailing List |
https://security.netapp.com/advisory/ntap-20210205-0006 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://usn.ubuntu.com/4446-1 | 2021-02-09 |
https://www.debian.org/security/2020/dsa-4682 | 2021-02-09 |
https://access.redhat.com/security/cve/CVE-2019-12524 | 2020-11-04 |
https://bugzilla.redhat.com/show_bug.cgi?id=1827570 | 2020-11-04 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Squid-cache | Squid | <= 4.7 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Canonical | Ubuntu Linux | 16.04 | lts | Affected
Canonical | Ubuntu Linux | 18.04 | lts | Affected