Lucene search

K
cloudlinuxCloudLinuxCLSA-2021:1628782974
HistoryAug 12, 2021 - 3:42 p.m.

Fix of CVE: CVE-2020-8450, CVE-2020-8517, CVE-2020-8449

2021-08-1215:42:54
repo.cloudlinux.com
59

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.919 High

EPSS

Percentile

98.9%

  • CVE-2020-8449: fix improper HTTP request validation allowing access to
    resources which are prohibited by security filters
  • CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
  • CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer
    and leading to denial of service
OSVersionArchitecturePackageVersionFilename
Centos6x86_64squid< 3.1.23squid-3.1.23-29.el6.cloudlinux.els.src.rpm

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.919 High

EPSS

Percentile

98.9%