6.1

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version >= 2.0 <= 2.7
Squid-cacheSquid Version >= 3.0 <= 3.5.28
Squid-cacheSquid Version >= 4.0 <= 4.8
Squid-cacheSquid Version2.7 Updatestable2
Squid-cacheSquid Version2.7 Updatestable3
Squid-cacheSquid Version2.7 Updatestable4
Squid-cacheSquid Version2.7 Updatestable5
Squid-cacheSquid Version2.7 Updatestable6
Squid-cacheSquid Version2.7 Updatestable7
Squid-cacheSquid Version2.7 Updatestable8
Squid-cacheSquid Version2.7 Updatestable9
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
FedoraprojectFedora Version30
FedoraprojectFedora Version31
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.24% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://usn.ubuntu.com/4213-1/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/
https://www.debian.org/security/2020/dsa-4682
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
Third Party Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
Release Notes
http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
Release Notes
https://bugzilla.suse.com/show_bug.cgi?id=1156328
Third Party Advisory
Issue Tracking
https://github.com/squid-cache/squid/pull/427
Patch
Third Party Advisory