CVE-2019-18860 : Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.c

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Published 2020-03-20 21:15:17

Updated 2023-01-24 02:12:49

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2019-18860

Top countries where our scanners detected CVE-2019-18860

Top open port discovered on systems with this issue 80

IPs affected by CVE-2019-18860 937,204

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-18860!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Probability of exploitation activity in the next 30 days: 0.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html

[security-announce] openSUSE-SU-2020:0623-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/squid-cache/squid/pull/504

cachemgr.cgi: Add validation for hostname parameter by aaron-costello · Pull Request #504 · squid-cache/squid · GitHub
Patch;Third Party Advisory
https://www.debian.org/security/2020/dsa-4732

Debian -- Security Information -- DSA-4732-1 squid
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

[SECURITY] [DLA 2278-1] squid3 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/squid-cache/squid/pull/505

Prep for v4.9 by yadij · Pull Request #505 · squid-cache/squid · GitHub
Patch;Third Party Advisory
https://usn.ubuntu.com/4356-1/

USN-4356-1: Squid vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Squid-cache » Squid
Versions before (<) 4.9
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Matching versions