CVE-2019-18678
squid: HTTP Request Splitting issue in HTTP message processing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Permite a atacantes pasar un trafico no autorizado de peticiones HTTP mediante el software frontend e una instancia de Squid que divide la tubería de la petición HTTP de manera diferente. Los mensajes de respuesta resultantes corrompen las memorias caché (entre un cliente y Squid) con contenido controlado por el atacante en URL arbitrarias. Los efectos son aislados del software entre el cliente atacante y Squid. No existen efectos en Squid en sí, ni en ningún servidor ascendente. El problema está relacionado con un encabezado de petición que contiene espacios en blanco entre un nombre de encabezado y dos puntos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-04 CVE Reserved
- 2019-11-26 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2019_10.txt | Third Party Advisory | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch | Release Notes | |
| https://bugzilla.suse.com/show_bug.cgi?id=1156323 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/squid-cache/squid/pull/445 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 3.0 <= 3.5.28 Search vendor "Squid-cache" for product "Squid" and version " >= 3.0 <= 3.5.28" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 4.0 <= 4.8 Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 <= 4.8" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||