Is CVE-2019-12524 actively exploited?

CVE-2019-12524 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-12524?

CVE-2019-12524 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2019-12524?

Patch guidance is available from squid-cache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-12524.

Fix CVE-2019-12524 - CRITICAL squid-cache squid

Q: Which products are affected by CVE-2019-12524?

5 products: squid-cache squid, debian debian linux, debian debian linux, canonical ubuntu linux, canonical ubuntu linux.

Description

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: SQUID-CACHE
Published: 4/15/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

squid-cache : squiddebian : debian_linuxdebian : debian_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linux

Remediation Guidance

Executive Summary

Cite this page

CVE-2019-12524. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2019-12524

View on NIST NVD

CVE-2019-12524 vulnerability