logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-15049

Description

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.


Affected Software


CPE Name Name Version
squid-cache:squid squid-cache squid 2.6
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 3.5.28
squid-cache:squid squid-cache squid 4.12
squid-cache:squid squid-cache squid 5.0.3
fedoraproject:fedora fedoraproject fedora 31

Related