Home > Vulnerability Database > CVE-2019-18677

Mend.io Vulnerability Database

CVE-2019-18677

Good to know:

Date: November 26, 2019

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.

Language: C

Severity Score

6.1

Related Resources (18)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

Url: https://access.redhat.com/security/cve/CVE-2019-18677

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-18677

Url: https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html

Url: https://www.debian.org/security/2020/dsa-4682

Url: https://security-tracker.debian.org/tracker/CVE-2019-18677

Url: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt

Url: https://usn.ubuntu.com/4213-1/

Url: https://bugzilla.suse.com/show_bug.cgi?id=1156328

Url: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch

Url: https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

Url: https://github.com/squid-cache/squid/pull/427

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

Url: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch

Url: https://www.mend.io/vulnerability-database/CVE-2019-18677

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version SQUID_4_9

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-18677

Good to know:

Date: November 26, 2019

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?