Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12524

Опубликовано: 15 апр. 2020
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия до 4.7 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 71%
0.00711
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

ubuntu логотип

CVE-2019-12524

CVSS3: 9.8
ubuntu
около 5 лет назад

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

redhat логотип

CVE-2019-12524

CVSS3: 5.3
redhat
около 5 лет назад

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

debian логотип

CVE-2019-12524

CVSS3: 9.8
debian
около 5 лет назад

An issue was discovered in Squid through 4.7. When handling requests f ...

github логотип

GHSA-wwv6-9vqw-fwxx

github
около 3 лет назад

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

fstec логотип

BDU:2020-02595

fstec
около 5 лет назад

Уязвимость прокси-сервера Squid, связанная с отсутствием механизма аутентификации для url_regex, позволяющая нарушителю получить доступ к заблокированному ресурсу

EPSS

Процентиль: 71%
0.00711
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-306