CVE-2019-12528

Published: 02 Feb. 2020
Source: redhat
CVSS3: 5.9
EPSS: Medium

Description

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

Mitigation

As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:

    acl Safe_ports 21

Then add the following lines to your squid configuration file:

    acl FTP proto FTP
    http_access deny FTP
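An added example, not part of the Red Hat advisory or of Squid: a small Python check that a squid configuration actually carries this workaround. It accepts both the `acl Safe_ports 21` spelling quoted above and the `acl Safe_ports port 21` form found in the stock squid.conf, and it also flags an FTP deny rule placed after an `http_access allow`, since Squid applies the first matching `http_access` rule. The sample configurations and the function name are constructed for the illustration.

```python
# Constructed squid.conf fragments for the demonstration (not from the page).
UNMITIGATED = """\
acl Safe_ports port 80    # http
acl Safe_ports port 21    # ftp
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""
MITIGATED = """\
acl Safe_ports port 80    # http
acl FTP proto FTP
http_access deny FTP
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""


def check_ftp_workaround(conf_text):
    """Return a list of findings; an empty list means the workaround is applied."""
    findings = []
    ftp_acls = set()                 # names of ACLs defined as "proto FTP"
    deny_line = first_allow = None   # line numbers of the rules that matter
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) < 3:
            continue
        if tok[0] == "acl":
            name, rest = tok[1], tok[2:]
            if name == "Safe_ports" and "21" in rest:
                findings.append(f"line {n}: port 21 is still listed in Safe_ports")
            if rest[0] == "proto" and "FTP" in rest[1:]:
                ftp_acls.add(name)
        elif tok[0] == "http_access":
            action, acls = tok[1], tok[2:]
            if action == "deny" and len(acls) == 1 and acls[0] in ftp_acls:
                deny_line = deny_line or n
            elif action == "allow" and first_allow is None:
                first_allow = n
    if deny_line is None:
        findings.append("no 'http_access deny' rule for a 'proto FTP' acl")
    elif first_allow is not None and first_allow < deny_line:
        findings.append(f"line {deny_line}: FTP deny comes after the allow on line {first_allow}")
    return findings


if __name__ == "__main__":
    for label, conf in (("unmitigated", UNMITIGATED), ("mitigated", MITIGATED)):
        print(label, check_ftp_workaround(conf) or "workaround applied")
```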

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Out of support scope | | |
| Red Hat Enterprise Linux 6 | squid | Out of support scope | | |
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | squid | Fixed | RHSA-2020:4082 | 30.09.2020 |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2020:4743 | 04.11.2020 |

Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1798534 squid: Information Disclosure issue in FTP Gateway

EPSS: 0.24909 (Medium), percentile: 96%

CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

CVSS3: 7.5
nvd
more than 5 years ago

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

CVSS3: 7.5
debian
more than 5 years ago

An issue was discovered in Squid before 4.10. It allows a crafted FTP ...

CVSS3: 7.5
github
about 3 years ago

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

CVSS3: 7.5
fstec
more than 5 years ago

Vulnerability in the Squid proxy server related to an operation exceeding the bounds of a memory buffer, allowing an attacker to gain access to protected information
