6.1
CVE-2019-18677
- EPSS 4.21%
- Veröffentlicht 26.11.2019 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:33:30
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cache ≫ Squid Version >= 2.0 <= 2.7
Squid-cache ≫ Squid Version >= 3.0 <= 3.5.28
Squid-cache ≫ Squid Version >= 4.0 <= 4.8
Squid-cache ≫ Squid Version2.7 Updatestable2
Squid-cache ≫ Squid Version2.7 Updatestable3
Squid-cache ≫ Squid Version2.7 Updatestable4
Squid-cache ≫ Squid Version2.7 Updatestable5
Squid-cache ≫ Squid Version2.7 Updatestable6
Squid-cache ≫ Squid Version2.7 Updatestable7
Squid-cache ≫ Squid Version2.7 Updatestable8
Squid-cache ≫ Squid Version2.7 Updatestable9
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Canonical ≫ Ubuntu Linux Version19.10
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.21% | 0.883 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.