1. Home
  2. Vulnerabilities
  3. CVE-2019-18677

CVE-2019-18677

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 5.8 (Medium)
58% Progress
EPSS 0.40 % (74th)
0.40% Progress
Affected Products 3
Advisories 13
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.

Weaknesses
CWE-352
Cross-Site Request Forgery (CSRF)
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-11-26 17:15:12
(4 years ago)
Updated Date
2023-11-07 03:06:53
(10 months ago)

Affected Products

Canonical

Fedoraproject

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid from 2.0 version and 2.7 and prior versions cpe:2.3:a:squid-cache:squid >= 2.0 <= 2.7
  Squid-cache Squid from 3.0 version and 3.5.28 and prior versions cpe:2.3:a:squid-cache:squid >= 3.0 <= 3.5.28
  Squid-cache Squid from 4.0 version and 4.8 and prior versions cpe:2.3:a:squid-cache:squid >= 4.0 <= 4.8
  Squid-cache Squid 2.7 Stable2 cpe:2.3:a:squid-cache:squid:2.7:stable2
  Squid-cache Squid 2.7 Stable3 cpe:2.3:a:squid-cache:squid:2.7:stable3
  Squid-cache Squid 2.7 Stable4 cpe:2.3:a:squid-cache:squid:2.7:stable4
  Squid-cache Squid 2.7 Stable5 cpe:2.3:a:squid-cache:squid:2.7:stable5
  Squid-cache Squid 2.7 Stable6 cpe:2.3:a:squid-cache:squid:2.7:stable6
  Squid-cache Squid 2.7 Stable7 cpe:2.3:a:squid-cache:squid:2.7:stable7
  Squid-cache Squid 2.7 Stable8 cpe:2.3:a:squid-cache:squid:2.7:stable8
  Squid-cache Squid 2.7 Stable9 cpe:2.3:a:squid-cache:squid:2.7:stable9

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #3

    CPE23 From Up To
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31