CVE-2019-12524 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-12524 Interim 1 32 2025-02-17T02:04:07Z current 2021-05-30T14:28:46Z 2025-02-17T02:04:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-12524 An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-May/006808.html E-Mail link for SUSE-SU-2020:1227-1 https://lists.suse.com/pipermail/sle-security-updates/2020-August/007289.html E-Mail link for SUSE-SU-2020:14460-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Liberty Linux 8 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 libecap-1.0.1-2.module+el8.1.0+4044+36416a77 libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77 squid squid-3.5.21-26.23.1 squid-4.11-3.module+el8.3.0+7851+7808b5f9 squid3-3.1.23-8.16.37.12.1 squid-3.5.21-26.23.1 as a component of HPE Helion OpenStack 8 squid-3.5.21-26.23.1 as a component of SUSE Enterprise Storage 5 libecap-1.0.1-2.module+el8.1.0+4044+36416a77 as a component of SUSE Liberty Linux 8 libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77 as a component of SUSE Liberty Linux 8 squid-4.11-3.module+el8.3.0+7851+7808b5f9 as a component of SUSE Liberty Linux 8 squid3-3.1.23-8.16.37.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT squid3-3.1.23-8.16.37.12.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA squid3-3.1.23-8.16.37.12.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA squid3-3.1.23-8.16.37.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP2-ESPOS squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP3-ESPOS squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server 12 SP4 squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 squid-3.5.21-26.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 squid-3.5.21-26.23.1 as a component of SUSE OpenStack Cloud 7 squid-3.5.21-26.23.1 as a component of SUSE OpenStack Cloud 8 squid-3.5.21-26.23.1 as a component of SUSE OpenStack Cloud Crowbar 8 squid as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 squid as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS squid as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 squid as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata squid as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata squid as a component of SUSE Linux Enterprise Server 11 SP4 LTSS squid as a component of SUSE Linux Enterprise Server 12 SP1-LTSS squid as a component of SUSE Linux Enterprise Server 12 SP5 squid as a component of SUSE Linux Enterprise Server 15-ESPOS squid as a component of SUSE Linux Enterprise Server 15-LTSS squid as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. CVE-2019-12524 HPE Helion OpenStack 8:squid-3.5.21-26.23.1 SUSE Enterprise Storage 5:squid-3.5.21-26.23.1 SUSE Liberty Linux 8:libecap-1.0.1-2.module+el8.1.0+4044+36416a77 SUSE Liberty Linux 8:libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77 SUSE Liberty Linux 8:squid-4.11-3.module+el8.3.0+7851+7808b5f9 SUSE Linux Enterprise Point of Sale 11 SP3:squid3-3.1.23-8.16.37.12.1 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:squid3-3.1.23-8.16.37.12.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:squid3-3.1.23-8.16.37.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:squid3-3.1.23-8.16.37.12.1 SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP2-ESPOS:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP3-ESPOS:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP3-TERADATA:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1 SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1 SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1 SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1 SUSE Linux Enterprise High Performance Computing 12 SP5:squid SUSE Linux Enterprise High Performance Computing 15-LTSS:squid SUSE Linux Enterprise Module for Server Applications 15 SP1:squid SUSE Linux Enterprise Server 11 SP1 for Teradata:squid SUSE Linux Enterprise Server 11 SP3 for Teradata:squid SUSE Linux Enterprise Server 11 SP4 LTSS:squid SUSE Linux Enterprise Server 12 SP1-LTSS:squid SUSE Linux Enterprise Server 12 SP5:squid SUSE Linux Enterprise Server 15-ESPOS:squid SUSE Linux Enterprise Server 15-LTSS:squid SUSE Linux Enterprise Server for SAP Applications 12 SP5:squid moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N