Allele Security Alert
ASA-2019-00455, CVE-2019-13345, SQUID-2019:6
Multiple Cross-Site Scripting issues in cachemgr.cgi
The Squid project
Squid 2.x all releases
Squid 3.x -> 3.5.28
Squid 4.x -> 4.7
Proof of concept
Due to incorrect input handling Squid cachemgr.cgi tool is vulnerable to multiple Cross-Site Scripting attacks.
This allows a malicious server to embed URLs in its content such that user credentials and other information can be extracted from a client or administrator with access to the Squid cachemgr.cgi tool URL.
Squid Proxy Cache Security Update Advisory SQUID-2019:6
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 18, 2019