An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.squid-cache.org/Advisories/SQUID-2019_9.txt - Third Party Advisory | |
References | () http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch - Release Notes | |
References | () http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch - Release Notes | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=1156328 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/squid-cache/squid/pull/427 - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ - | |
References | () https://usn.ubuntu.com/4213-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2020/dsa-4682 - |
Information
Published : 2019-11-26 17:15
Updated : 2024-11-21 04:33
NVD link : CVE-2019-18677
Mitre link : CVE-2019-18677
CVE.ORG link : CVE-2019-18677
JSON object : View
Products Affected
squid-cache
- squid
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-352
Cross-Site Request Forgery (CSRF)