vulnerability

Red Hat: CVE-2019-18860: CVE-2019-18860 squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Mar 20, 2020	Nov 5, 2020	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Mar 20, 2020

Added

Nov 5, 2020

Modified

Aug 11, 2025

Description

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-libecapredhat-upgrade-libecap-debuginforedhat-upgrade-libecap-debugsourceredhat-upgrade-libecap-develredhat-upgrade-squidredhat-upgrade-squid-debuginforedhat-upgrade-squid-debugsource

References

CWE-74
NVD-CVE-2019-18860
REDHAT-RHSA-2020:4743

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today