{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-09T11:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"}, {"tags": ["x_refsource_MISC"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/squid-cache/squid/pull/306"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"}, {"name": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", "refsource": "MISC", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}, {"name": "https://github.com/squid-cache/squid/pull/306", "refsource": "MISC", "url": "https://github.com/squid-cache/squid/pull/306"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.024Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/squid-cache/squid/pull/306"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19131", "datePublished": "2018-11-09T11:00:00.000Z", "dateReserved": "2018-11-09T00:00:00.000Z", "dateUpdated": "2024-09-16T18:33:29.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA0D3B55-6D37-49A2-93E4-9E227195CBE8", "versionEndExcluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."}, {"lang": "es", "value": "Squid en versiones anteriores a la 4.4 tiene Cross-Site Scripting (XSS) mediante un certificado X.509 manipulado durante la generaci\u00f3n de la p\u00e1gina de error HTTP(S) para los errores de certificado."}], "id": "CVE-2018-19131", "lastModified": "2024-11-21T03:57:23.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-09T11:29:03.877", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/squid-cache/squid/pull/306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/squid-cache/squid/pull/306"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "squid: Cross-Site Scripting when generating HTTPS response messages about TLS errors", "id": "1645146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645146"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.", "A Cross-Site Scripting vulnerability has been discovered in squid in the way X.509 certificates fields are displayed in some error pages. An attacker who can control the certificate of the origin content server may use this flaw to inject scripting code in the squid generated page, which is executed on the client's browser."], "mitigation": {"lang": "en:us", "value": "Remove %D error page macro from ERR_SECURE_CONNECT_FAIL pages found under /usr/share/squid/errors/ and any custom error pages."}, "name": "CVE-2018-19131", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "impact": "low", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-10-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-19131\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19131\nhttp://www.squid-cache.org/Advisories/SQUID-2018_4.txt"], "threat_severity": "Moderate"}

{}