CVE-2019-18860

Published: 20 March 2020

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Priority

Low

CVSS 3 base score: 6.1

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(4.10-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(4.10-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/squid-cache/squid/commit/5a90b4ce64c346ba7f317a278ba601091d9de076
squid3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.5.27-1ubuntu1.6)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.5.12-1ubuntu7.11)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist