squidGuard Cross-Site Scripting Vulnerability Fixed by 1.5


Description   (:A cross-site scripting vulnerability was reported in squidguard.:A remote attacker can exploit it in order to execute arbitrary Javascript or HTML code by inciting their victim into following a specially formed link.::This vulnerability is located in the "%u" parameter of the "squidGuard.cgi" file.)
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 22, 23, 24GNU/Linux (Debian) - 7Linux Enterprise Server (SUSE) - 11 SP4, 12 SP1, 12 SP2openSUSE (SUSE) - Leap 42.1
     
Solution   Fixed squidGuard packages for SUSE Linux Enterprise Server 12-SP2 are available.
     
CVE   CVE-2015-8936
     
References   - DLA 524-1 : squidguard security update
https://lists.debian.org/debian-lts-announce/2016/06/msg00024.html
- FEDORA-2016-fbb5a65729 : Fedora 22 Update: squidGuard-1.4-26.fc22
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHL4KHU74SQ6GRXTOVKDL527QFSIQHJT/
- FEDORA-2016-f8a01aa629 : Fedora 23 Update: squidGuard-1.4-26.fc23
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPY2LV75JPY2WGSMMGZISVBLSL5ABBU7/
- FEDORA-2016-8b19472a3c : Fedora 24 Update: squidGuard-1.4-26.fc24
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QF4BJYKWMIZPSBONJJGLRXTCW2ESUDS/
- SUSE-SU-2016:2511-1 : Security update for squidGuard
http://lists.suse.com/pipermail/sle-security-updates/2016-October/002328.html
- SUSE-SU-2016:2510-1 : Security update for squidGuard
http://lists.suse.com/pipermail/sle-security-updates/2016-October/002327.html
- openSUSE-SU-2016:2580-1 : Security update for squidGuard
https://lists.opensuse.org/opensuse-updates/2016-10/msg00073.html
- SUSE-SU-2017:1411-1: Security update for squidGuard
http://lists.suse.com/pipermail/sle-security-updates/2017-May/002922.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-06-22 

 Target Type 
Client 

 Possible exploit 
Remote