Lucene search

K
cloudlinuxCloudLinuxCLSA-2021:1632262221
HistorySep 21, 2021 - 10:10 p.m.

Fix of CVE: CVE-2020-8517, CVE-2021-28651, CVE-2020-15049, CVE-2020-8449, CVE-2020-8450, CVE-2020-24606, CVE-2020-25097, CVE-2020-11945, CVE-2020-14058

2021-09-2122:10:21
repo.cloudlinux.com
45

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.0%

  • CVE-2020-15049: fix incorrect validation of Content-Length field leading to
    Http smuggling and Poisoning attack
  • CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of
    service
  • CVE-2020-25097: fix improper input validation allowing HTTP smuggling from
    trusted client
  • CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
  • CVE-2020-24606: fix handle of EOF in peerDigestHandleReply() leading to Denial
    of service
  • CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer
    and leading to denial of service
  • CVE-2020-8449: fix improper HTTP request validation allowing access to
    resources which are prohibited by security filters
  • CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
  • CVE-2021-28651: fix memory leak leading to denial of service
OSVersionArchitecturePackageVersionFilename
Centos6x86_64squid34< 3.4.14squid34-3.4.14-16.el6.cloudlinux.els.src.rpm

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.0%

Related for CLSA-2021:1632262221