 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.844520 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-4446-1) |
| Summary: | The remote host is missing an update for the 'squid3' package(s) announced via the USN-4446-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'squid3' package(s) announced via the USN-4446-1 advisory. Vulnerability Insight: Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676) Affected Software/OS: 'squid3' package(s) on Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-12520 Debian Security Information: DSA-4682 (Google Search) https://www.debian.org/security/2020/dsa-4682 http://www.squid-cache.org/Versions/v4/ http://www.squid-cache.org/Versions/v4/changesets/ https://github.com/squid-cache/squid/commits/v4 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://usn.ubuntu.com/4446-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-12523 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ https://usn.ubuntu.com/4213-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-12524 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt Common Vulnerability Exposure (CVE) ID: CVE-2019-18676 https://github.com/squid-cache/squid/pull/275 |
| Copyright | Copyright (C) 2020 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |