What is CVE-2019-12525?

CVE-2019-12525 is a vulnerability in N/a. Published 2019-07-11.

Is CVE-2019-12525 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid…

EPSS: 0.546 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.squid-cache.org/Versions/v4/changesets/ (x_refsource_CONFIRM)
github.com/squid-cache/squid/commits/v4 (x_refsource_CONFIRM)
www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6a… (x_refsource_CONFIRM)
USN-4065-1 (vendor-advisory, x_refsource_UBUNTU)
[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update (mailing-list, x_refsource_MLIST)
USN-4065-2 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2019-cb50bcc189 (vendor-advisory, x_refsource_FEDORA)
DSA-4507 (vendor-advisory, x_refsource_DEBIAN)
20190825 [SECURITY] [DSA 4507-1] squid security update (mailing-list, x_refsource_BUGTRAQ)
openSUSE-SU-2019:2540 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-12525?: CVE-2019-12525 is a vulnerability in N/a. Published 2019-07-11.
Is CVE-2019-12525 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.