Lucene search

K
redhatcveRedhat.comRH:CVE-2020-25097
HistoryMar 17, 2021 - 10:35 a.m.

CVE-2020-25097

2021-03-1710:35:00
redhat.com
access.redhat.com
11
squid
http request smuggling
data confidentiality
vulnerability
mitigation
validation
parsing
services access

EPSS

0.003

Percentile

69.7%

A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this vulnerability is to data confidentiality.

Mitigation

This flaw can be mitigated by setting the uri_whitespace directive in squid.conf to either:

uri_whitespace deny  

or

uri_whitespace encode