ASA-201911-8 - log

ASA-201911-8 edited at 07 Nov 2019 11:39:31
Workaround
- CVE-2019-12526
Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN
- CVE-2019-18678
There are no workarounds for this vulnerability.
- CVE-2019-18679
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param
+ digest ...' configuration settings from squid.conf.
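Review bot: the new line break in the CVE-2019-18679 workaround falls inside the quoted directive, between 'auth_param' and 'digest ...', so the string an administrator would search for in squid.conf no longer appears on one line. Move the break to before the opening quote so that 'auth_param digest ...' stays intact.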
ASA-201911-8 edited at 07 Nov 2019 11:22:37
Workaround
- CVE-2019-12526
Deny urn: protocol URI being proxied to all clients:
- acl URN proto URN
+ acl URN proto URN
- http_access deny URN
+ http_access deny URN
- CVE-2019-18678
There are no workarounds for this vulnerability.
- CVE-2019-18679
Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
ASA-201911-8 edited at 07 Nov 2019 11:20:48
Workaround
- For CVE-2019-12526:
+ - CVE-2019-12526
+
- Deny urn: protocol URI being proxied to all clients:
+ Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN
- For CVE-2019-18678:
+ - CVE-2019-18678
- There are no workarounds for this vulnerability.
+ There are no workarounds for this vulnerability.
+
- For CVE-2019-18679:
+ - CVE-2019-18679
+
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
ASA-201911-8 edited at 07 Nov 2019 09:46:44
Workaround
For CVE-2019-12526:
- Deny urn: protocol URI being proxied to all clients:
+ Deny urn: protocol URI being proxied to all clients:
- acl URN proto URN
+ acl URN proto URN
- http_access deny URN
+ http_access deny URN
For CVE-2019-18678:
- There are no workarounds for this vulnerability.
+ There are no workarounds for this vulnerability.
For CVE-2019-18679:
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
ASA-201911-8 edited at 07 Nov 2019 09:46:08
Workaround
+ For CVE-2019-12526:
+ Deny urn: protocol URI being proxied to all clients:
+
+ acl URN proto URN
+ http_access deny URN
+
+ For CVE-2019-18678:
+ There are no workarounds for this vulnerability.
+
+ For CVE-2019-18679:
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
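Review bot: the CVE-2019-12526 workaround gives 'acl URN proto URN' and 'http_access deny URN' without saying where they belong in squid.conf. Squid evaluates http_access rules in order and stops at the first match, so the deny only takes effect if it is placed above any allow rule that would match the same request. Add a sentence stating that the two lines must come before the existing http_access allow rules.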
Impact
+ A remote attacker might access sensitive information, corrupt the content of arbitrary URLs in the caches or execute arbitrary code.
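Review bot: the Impact sentence lists three outcomes (information disclosure, cache content corruption, arbitrary code execution) without tying any of them to a CVE, while the Workaround field is split per CVE. Since CVE-2019-18678 is stated to have no workaround, say which outcome belongs to which CVE so a reader who applies the two available workarounds can tell what exposure remains.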
ASA-201911-8 created at 07 Nov 2019 09:41:37