CVE-2018-19131

Published: 2018-11-09 Updated: 2018-12-11
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N (network, medium access complexity, no authentication, partial integrity impact only)
CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (the standard reflected-XSS vector; it is the one that yields the 2.7 / 2.8 sub-scores above, since the victim's browser rather than the proxy is the affected component)

Vulnerability Summary

Squid before 4.4 has a cross-site scripting (XSS) vulnerability: when Squid generates an HTTP(S) error page for a certificate error, fields copied from the X.509 certificate are inserted into the page without HTML escaping, so a crafted certificate can inject script that runs in the client's browser.

Vulnerable Products

squid-cache squid (versions before 4.4)

Vendor Advisories

Debian Bug report logs - #912293 squid: CVE-2018-19131: SQUID-2018:4: Cross-Site Scripting issue in TLS error processing. Package: src:squid; Maintainer for src:squid is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Oct 2018 21:45:02 UTC; Severity: minor; Tags: s ...
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors (CVE-2018-19131). The same advisory also covers a separate issue: a memory leak was discovered in the way Squid handles SNMP denied queries; a remote attacker may use this flaw to exhaust the resources on the server machine (CVE-2018-19132) ...
A cross-site scripting vulnerability has been discovered in Squid in the way X.509 certificate fields are displayed in some error pages. An attacker who can control the certificate of the origin content server may use this flaw to inject scripting code into the Squid-generated page, which is executed in the client's browser ... Note that Squid only sees the origin certificate when it terminates or inspects TLS toward the origin itself (for example with SSL-Bump, a TLS cache_peer, or a reverse-proxy HTTPS backend); a plain CONNECT tunnel never parses the certificate and does not produce these error pages.
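The mechanism the advisories describe, as an added illustration (this is not Squid's source and not the PoC repository's code): a minimal error-page template with macro names in the style of Squid's error-detail macros, rendered once with raw substitution (the pre-4.4 behaviour) and once with HTML escaping (the fix), plus a small scanner that flags certificate fields containing HTML metacharacters. The template text, the macro table and the certificate fields are all constructed for this example; the payload in the CN is 25 characters, so it fits within the 64-character X.509 ub-common-name limit and can appear in a real certificate.

```python
"""Model of how a proxy error page becomes an XSS sink via X.509 fields.

Added example, not Squid's code: a constructed template rendered two ways.
"""
import html
import re
from typing import Dict, List

# Constructed certificate fields, as a parser would hand them to the
# error-page generator. Everything here is attacker-controlled because the
# attacker controls the origin server's certificate.
EVIL_CERT_FIELDS: Dict[str, str] = {
    "subject": 'CN=<script>alert(document.domain)</script>,O="Evil, Inc.",C=US',
    "issuer": "CN=Self-Signed CA,O=Evil Inc,C=US",
    "notAfter": "Jan  1 00:00:00 2017 GMT",
}

# Hypothetical template: macro names mimic Squid's %ssl_* error-detail
# macros, but the HTML itself is constructed for this example.
TEMPLATE = (
    "<html><body><h1>ERROR: SSL certificate problem</h1>\n"
    "<p>Subject: %ssl_subject</p>\n"
    "<p>Issuer: %ssl_issuer</p>\n"
    "<p>Not After: %ssl_notafter</p>\n"
    "</body></html>"
)

MACROS = {
    "%ssl_subject": "subject",
    "%ssl_issuer": "issuer",
    "%ssl_notafter": "notAfter",
}


def render_vulnerable(fields: Dict[str, str]) -> str:
    """Pre-fix behaviour modelled: raw substitution, attacker bytes reach the browser."""
    page = TEMPLATE
    for macro, key in MACROS.items():
        page = page.replace(macro, fields.get(key, ""))
    return page


def render_hardened(fields: Dict[str, str]) -> str:
    """Fix: HTML-escape every certificate-derived value before substitution.

    quote=True also escapes " and ', so a value is safe inside attributes too.
    """
    page = TEMPLATE
    for macro, key in MACROS.items():
        page = page.replace(macro, html.escape(fields.get(key, ""), quote=True))
    return page


_HTML_META = re.compile(r"[<>\"'&]")


def suspicious_fields(fields: Dict[str, str]) -> List[str]:
    """Detection helper for certificate scanning: names of fields that contain
    HTML metacharacters. Legitimate distinguished names almost never do, so a
    hit is worth a look when reviewing certificates seen by a bumping proxy."""
    return [name for name, value in fields.items() if _HTML_META.search(value)]


if __name__ == "__main__":
    print(render_vulnerable(EVIL_CERT_FIELDS))
    print(render_hardened(EVIL_CERT_FIELDS))
    print("suspicious fields:", suspicious_fields(EVIL_CERT_FIELDS))
```

The hardened renderer escapes at the point where untrusted data meets the template, which is the only place the fix can live: the certificate itself is valid X.509 and cannot be rejected for containing angle brackets. The scanner is useful on the detection side, for example run over certificates logged by an SSL-Bump deployment that still has unpatched Squid instances behind it.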

Github Repositories

Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate

CVE-2018-19131 Demo. Author: Jonathan M. Wilbur <jonathan@wilbur.space>. Copyright Year: 2018. License: MIT License. Do not do anything illegal with this. This is not malware; this is just a proof of concept. This is a demo of CVE-2018-19131, which runs in a Docker Compose app.