CVE-2019-12523

CRITICAL

Squid < 4.9 - Access Control Bypass via URN Request Handling


Description

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.

References (9)

http://www.squid-cache.org/Advisories/SQUID-2019_8.txt (Third Party Advisory; x_refsource_confirm)
https://bugzilla.suse.com/show_bug.cgi?id=1156329 (Issue Tracking, Third Party Advisory; x_refsource_confirm)
https://usn.ubuntu.com/4213-1/ (Third Party Advisory, vendor-advisory; x_refsource_ubuntu)
https://www.debian.org/security/2020/dsa-4682 (Third Party Advisory, vendor-advisory; x_refsource_debian)
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html (Mailing List, Third Party Advisory; x_refsource_mlist)
https://usn.ubuntu.com/4446-1/ (Third Party Advisory, vendor-advisory; x_refsource_ubuntu)

Scores

CVSS v3 9.1
EPSS 0.0056
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (10)
canonical/ubuntu_linux 16.04 (2 CPE variants)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
canonical/ubuntu_linux 19.10
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
opensuse/leap 15.0
squid-cache/squid 3.0 - 3.5.28
Published Nov 26, 2019
Tracked Since Feb 18, 2026