Lucene search

K

PRIOn knowledge basePRION:CVE-2020-8449

HistoryFeb 04, 2020 - 8:15 p.m.

Input validation

2020-02-0420:15:00

PRIOn knowledge base

www.prio-n.com

3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

50.8%

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq19.10
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq30
fedoraeq31
leapeq15.1
squidlt4.10

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html

lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html

www.squid-cache.org/Advisories/SQUID-2020_1.txt

www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch

www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch

www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch

www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch

www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch

lists.debian.org/debian-lts-announce/2020/07/msg00009.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/

security.gentoo.org/glsa/202003-34

security.netapp.com/advisory/ntap-20210304-0002/

usn.ubuntu.com/4289-1/

www.debian.org/security/2020/dsa-4682

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

50.8%

Related for PRION:CVE-2020-8449