According to its banner, the version of Squid running on the remote host is 2.x prior to 4.12 or 5.x prior to 5.0.3. It is,therefore, affected by multiple vulnerabilities:
Multiple denial of service (DoS) vulnerabilities exist in the SMP cache and TLS handshake implementations of Squid. An unauthenticated, remote attacker can exploit these issues, by sending specially crafted requests to an affected instance, to impose a DoS condition on the application (CVE-2020-14058, CVE-2020-14059).
A cache poisoning vulnerability exists in Squid due to insufficient user input validation. An authenticated, remote attacker can exploit this issue, to affect the integrity of the contents returned to users from the cache (CVE-2020-15049).
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(139912);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2020-14058", "CVE-2020-14059", "CVE-2020-15049");
script_name(english:"Squid 2.x < 4.12 / 5.x < 5.0.3 (SQUID-2020:5, SQUID-2020:6 & SQUID-2020:7)");
script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of Squid running on the remote host is 2.x prior to 4.12 or 5.x prior to 5.0.3.
It is,therefore, affected by multiple vulnerabilities:
- Multiple denial of service (DoS) vulnerabilities exist in the SMP cache and TLS handshake implementations of Squid.
An unauthenticated, remote attacker can exploit these issues, by sending specially crafted requests to an affected
instance, to impose a DoS condition on the application (CVE-2020-14058, CVE-2020-14059).
- A cache poisoning vulnerability exists in Squid due to insufficient user input validation. An authenticated, remote
attacker can exploit this issue, to affect the integrity of the contents returned to users from the cache
(CVE-2020-15049).
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42df48c6");
# https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5094c7bf");
# https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f287cb57");
script_set_attribute(attribute:"solution", value:
"Upgrade to Squid version 4.12 or 5.0.3 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15049");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/26");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/27");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:squid-cache:squid");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Firewalls");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("squid_version.nasl");
script_require_keys("installed_sw/Squid", "Settings/ParanoidReport");
script_require_ports("Services/http_proxy", 3128, 8080);
exit(0);
}
include('http.inc');
include('vcf.inc');
get_install_count(app_name:'Squid', exit_if_zero:TRUE);
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
port = get_http_port(default:3128);
app_info = vcf::get_app_info(app:'Squid', port:port, webapp:TRUE);
constraints = [
{'min_version':'2.0', 'fixed_version':'4.12'},
{'min_version':'5.0', 'fixed_version':'5.0.3'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
squid-cache | squid | cpe:/a:squid-cache:squid |