VDB
DEBIAN-CVE-2019-12523
DEBIAN-CVE-2019-12523
PUBLISHED
CVSS 9.100000381469727 CRITICAL
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
Risk Scores
CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | squid | 0, 0, 0 |
| Debian:13 | squid | 0, 0, 0 |
| Debian:14 | squid | 0, 0, 0 |
| Debian:12 | squid | 0, 0, 0 |
Timeline
- Nov 26, 2019 CVE Published
- Apr 28, 2026 CVE Updated