QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12524

Published: Apr 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://security.netapp.com/advisory/ntap-20210205-0006/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.