CVE-2019-12523 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2019-12523

CVE-2019-12523

November 26, 2019

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.

Related Resources (14)

https://www.debian.org/security/2020/dsa-4682

https://usn.ubuntu.com/4213-1/

http://www.squid-cache.org/Advisories/SQUID-2019_8.txt

https://access.redhat.com/security/cve/CVE-2019-12523

https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

https://security-tracker.debian.org/tracker/CVE-2019-12523

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

https://usn.ubuntu.com/4446-1/