WEB APPLICATION VULNERABILITIES Standard & Premium

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)

Description

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Remediation

References

Related Vulnerabilities

WebLogic Improper Input Validation Vulnerability (CVE-2021-44832)

MySQL CVE-2017-3633 Vulnerability (CVE-2017-3633)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9577)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (8.0.4)

WordPress Plugin WPFront User Role Editor Unspecified Vulnerability (2.14.1)

Severity

Medium

Classification

CVE-2022-41317 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities