Vulnerability Description
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | < 4.4 |
Related Weaknesses (CWE)
References
- http://www.squid-cache.org/Advisories/SQUID-2018_4.txt (Mitigation, Vendor Advisory)
- http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763a (Patch, Vendor Advisory)
- https://github.com/squid-cache/squid/pull/306 (Third Party Advisory)
FAQ
What is CVE-2018-19131?
CVE-2018-19131 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
How severe is CVE-2018-19131?
CVE-2018-19131 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-19131?
Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.