CVE-2019-18679

7.5 HIGH

📋 TL;DR

This Squid vulnerability exposes heap memory pointer values in nonce tokens during HTTP Digest Authentication, weakening ASLR protections. Attackers can use this information disclosure to map memory layouts and potentially facilitate remote code execution attacks. All Squid 2.x, 3.x, and 4.x through 4.8 installations using HTTP Digest Authentication are affected.

💻 Affected Systems

Products:
  • Squid
Versions: 2.x, 3.x, and 4.x through 4.8
Operating Systems: All operating systems running affected Squid versions
Default Config Vulnerable: ✅ No
Notes: Only affects configurations using HTTP Digest Authentication. Basic authentication and other auth methods are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers combine this information disclosure with other vulnerabilities to achieve remote code execution, potentially compromising the entire Squid proxy server.

🟠 Likely Case

Attackers gather memory layout information to improve reliability of other exploitation attempts against the Squid instance.

🟢 If Mitigated

Information disclosure occurs but attackers cannot chain it with other vulnerabilities due to proper security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires HTTP Digest Authentication to be enabled and typically requires chaining with other vulnerabilities for full impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Squid 4.9 and later, or apply specific patches to earlier versions

Vendor Advisory: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

Restart Required: Yes

Instructions:

1. Upgrade to Squid 4.9 or later.
2. For earlier versions, apply the patch from squid-cache.org.
3. Restart Squid service.

🔧 Temporary Workarounds

Disable HTTP Digest Authentication

linux

Disable HTTP Digest Authentication if not required for your deployment

Edit squid.conf and remove or comment out 'auth_param digest' lines
Restart Squid: systemctl restart squid

🧯 If You Can't Patch

  • Disable HTTP Digest Authentication entirely
  • Implement network segmentation to restrict access to Squid proxy

🔍 How to Verify

Check if Vulnerable:

Check the Squid version, and check squid.conf for active 'auth_param digest' lines, which show that HTTP Digest Authentication is in use

Check Version:

squid -v | grep Version

Verify Fix Applied:

Verify that the Squid version is 4.9 or later, or check that the patch has been applied
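
A scripted form of the two checks above, as an added example that is not part of the original advisory or the Squid project: it takes the `squid -v` banner and a squid.conf path and reports whether the version is in the affected range and whether Digest authentication is active. The function names, status words and sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for CVE-2019-18679 from a `squid -v` banner and a squid.conf path.
# Limitations (assumptions of this sketch): a distro package may carry a backported
# patch while reporting an older version, and `include`d config files are not followed.

# Extract the dotted version (e.g. "4.8") from `squid -v` output on stdin.
squid_version_from_banner() {
  sed -n 's/^Squid Cache: Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Exit 0 if the version is in the range this page lists: 2.x, 3.x, 4.x through 4.8.
version_affected() {
  va_major=${1%%.*}
  va_rest=${1#*.}
  va_minor=${va_rest%%.*}
  case "$va_major" in
    2|3) return 0 ;;
    4)   [ "${va_minor:-0}" -le 8 ] ;;
    *)   return 1 ;;
  esac
}

# Exit 0 if the config has an active (uncommented) auth_param digest line.
digest_auth_enabled() {
  grep -Eq '^[[:space:]]*auth_param[[:space:]]+digest([[:space:]]|$)' "$1"
}

# triage <banner text> <squid.conf path>: prints one status word.
triage() {
  t_ver=$(printf '%s\n' "$1" | squid_version_from_banner)
  if [ -z "$t_ver" ]; then echo UNKNOWN_VERSION
  elif ! version_affected "$t_ver"; then echo FIXED_VERSION
  elif digest_auth_enabled "$2"; then echo EXPOSED
  else echo AFFECTED_VERSION_DIGEST_OFF
  fi
}

# Constructed sample config (not from a real host); helper paths are placeholders.
demo_conf=$(mktemp)
trap 'rm -f "$demo_conf"' EXIT
cat > "$demo_conf" <<'EOF'
#auth_param digest children 5
  auth_param digest program /usr/lib/squid/digest_file_auth /etc/squid/digest_passwd
auth_param digest realm proxy
EOF
triage 'Squid Cache: Version 4.8' "$demo_conf"   # prints EXPOSED

# On a real host: triage "$(squid -v)" /etc/squid/squid.conf
```

A result of AFFECTED_VERSION_DIGEST_OFF still calls for the upgrade, since re-enabling Digest authentication later would expose the host again.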

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts using Digest method
  • Multiple failed authentication attempts

Network Indicators:

  • HTTP requests with Digest authentication headers to Squid proxy

SIEM Query:

source="squid" AND "digest" AND ("auth" OR "authentication")
