squid-cache squid CVE-2019-12524 vulnerability in Squid Cache and Other Products
Published on April 15, 2020

product logo product logo product logo
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-12524

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12524 are published in these products:

Squid Cache Squid
 
Canonical Ubuntu Linux
 
Debian Linux
 

Exploit Probability

EPSS
0.55%
Percentile
67.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.