Description

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.

Remediation

References

CVE-2019-18677

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11074)

WordPress Plugin cformsII SQL Injection (14.12.3)

WordPress Plugin WP Hotel Booking Cross-Site Request Forgery (1.10.1)

Oracle JRE CVE-2013-2454 Vulnerability (CVE-2013-2454)

WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)

Severity

Medium

Classification

CVE-2019-18677 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities