squid-cache squid CVE-2019-18678 vulnerability in Squid Cache and Other Products
Published on November 26, 2019

product logo product logo product logo product logo
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-18678

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18678 are published in these products:

Squid Cache Squid
 
Canonical Ubuntu Linux
 
Debian Linux
 
Fedora Project Fedora
 

Exploit Probability

EPSS
9.96%
Percentile
92.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.