How severe is CVE-2019-18678?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-18678?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2019-18678 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.

Related Vulnerabilities

CVE-2018-4030

MEDIUM

CVSS:5.3(Medium)

An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is i...

CWE-4442018

CVE-2019-17567

MEDIUM

CVSS:5.3(Medium)

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing f...

CWE-4442019

CVE-2019-20372

MEDIUM

CVSS:5.3(Medium)

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is ...

CWE-4442019

CVE-2019-20866

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.

CWE-4442019

CVE-2020-5220

MEDIUM

CVSS:5.3(Medium)

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make ...

CWE-4442020

CVE-2021-25762

MEDIUM

CVSS:5.3(Medium)

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

CWE-4442021