Описание
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 4.9-2ubuntu1 |
| disco | released | 4.4-1ubuntu2.3 |
| eoan | released | 4.8-1ubuntu2.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 4.9-2ubuntu1 |
| focal | released | 4.9-2ubuntu1 |
| groovy | released | 4.9-2ubuntu1 |
| hirsute | released | 4.9-2ubuntu1 |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.5.27-1ubuntu1.4 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 3.5.27-1ubuntu1.4 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | 3.5.12-1ubuntu7.9 |
| focal | DNE | |
| groovy | DNE |
Показывать по
5.8 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
Уязвимость параметра append_domain прокси-сервера Squid, связанная с подделкой межсайтовых запросов, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
5.8 Medium
CVSS2
6.1 Medium
CVSS3