SecuritySpace - CVE-2019-12524

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-12524

Description: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-12524
Debian Security Information: DSA-4682 (Google Search)
https://www.debian.org/security/2020/dsa-4682
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://usn.ubuntu.com/4446-1/

CVE ID:	CVE-2019-12524
Description:	An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12524 Debian Security Information: DSA-4682 (Google Search) https://www.debian.org/security/2020/dsa-4682 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://usn.ubuntu.com/4446-1/