CVE-2019-13345

Опубликовано: 05 июл. 2019

Источник: debian

EPSS Высокий

Описание

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

Пакет	Статус	Версия исправления	Релиз	Тип
squid	fixed	4.8-1		package
squid3	removed			package

http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
https://bugs.squid-cache.org/show_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-be1dc8614e7514103ba84d4067ed6fd15ab8f82e.patch
Squid 3.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-5730c2b5cb56e7639dc423dd62651c8736a54e35.patch

EPSS

Процентиль: 99%

0.81221

Высокий

CVE-2019-13345

CVSS3: 6.1

ubuntu

почти 6 лет назад

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

CVE-2019-13345

CVSS3: 4.3

redhat

почти 6 лет назад

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

CVE-2019-13345

CVSS3: 6.1

nvd

почти 6 лет назад

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

openSUSE-SU-2019:1963-1

suse-cvrf

почти 6 лет назад

Security update for squid

SUSE-SU-2019:2092-1

suse-cvrf

почти 6 лет назад

Security update for squid

EPSS

Процентиль: 99%

0.81221

Высокий