Lucene search

K

MitreCVELIST:CVE-2020-25097

HistoryMar 19, 2021 - 4:08 a.m.

CVE-2020-25097

2021-03-1904:08:54

mitre

www.cve.org

7

squid

http request smuggling

security controls

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

69.7%

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

References

www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch

www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch

github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/

security.gentoo.org/glsa/202105-14

security.netapp.com/advisory/ntap-20210727-0010/

www.debian.org/security/2021/dsa-4873

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

69.7%

Related for CVELIST:CVE-2020-25097

nessus30 almalinux1 openvas22 oraclelinux2 fedora3 centos1 osv6 debiancve1 ubuntucve1 redhatcve1 rocky1 redhat3 amazon1 alpinelinux1 prion1 debian2 veracode1 cve1 nvd1 ubuntu1 suse2 mageia1 gentoo1 cloudlinux1 rosalinux1