According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.4 or prior to 4.13. It is, therefore, affected by multiple vulnerabilities:
Due to incorrect data validation Squid is vulnerable to HTTP request splitting and HTTP request smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. (CVE-2020-15810 / CVE-2020-15811)
Due to improper input validation Squid is vulnerable to a denial of service attack against the machine operating Squid. (CVE-2020-24606) Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
squid-cache | squid | * | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606
github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg