Количество 14
Количество 14
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
CVE-2025-62168
Squid vulnerable to information disclosure via authentication credential leakage in error handling
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, ...
SUSE-SU-2025:4099-1
Security update for squid
SUSE-SU-2025:4029-1
Security update for squid
SUSE-SU-2025:4026-1
Security update for squid
SUSE-SU-2025:3902-1
Security update for squid
RLSA-2025:21002
Important: squid security update
ELSA-2025-20935
ELSA-2025-20935: squid security update (IMPORTANT)
ELSA-2025-19167
ELSA-2025-19167: squid security update (IMPORTANT)
ELSA-2025-19107
ELSA-2025-19107: squid:4 security update (IMPORTANT)
BDU:2025-13226
Уязвимость конфигурации email_err_data on прокси-сервера Squid, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
ROS-20251112-01
Множественные уязвимости squid
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off. | CVSS3: 10 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off. | CVSS3: 10 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling | CVSS3: 10 | 0% Низкий | около 1 месяца назад |
| CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, ... | CVSS3: 10 | 0% Низкий | около 1 месяца назад |
 | SUSE-SU-2025:4099-1 Security update for squid | 0% Низкий | 17 дней назад | |
| SUSE-SU-2025:4029-1 Security update for squid | 0% Низкий | 21 день назад | |
| SUSE-SU-2025:4026-1 Security update for squid | 0% Низкий | 21 день назад | |
| SUSE-SU-2025:3902-1 Security update for squid | 0% Низкий | около 1 месяца назад | |
 | RLSA-2025:21002 Important: squid security update | 0% Низкий | 9 дней назад | |
| ELSA-2025-20935 ELSA-2025-20935: squid security update (IMPORTANT) | 6 дней назад | ||
| ELSA-2025-19167 ELSA-2025-19167: squid security update (IMPORTANT) | 13 дней назад | ||
| ELSA-2025-19107 ELSA-2025-19107: squid:4 security update (IMPORTANT) | около 1 месяца назад | ||
 | BDU:2025-13226 Уязвимость конфигурации email_err_data on прокси-сервера Squid, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации | CVSS3: 10 | 0% Низкий | 3 месяца назад |
 | ROS-20251112-01 Множественные уязвимости squid | CVSS3: 10 | 19 дней назад |
Уязвимостей на страницу