CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

Design/Logic Flaw

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

CVE-2020-15811

CVE-2020-15811 affects Squid before 4.13 and 5.x before 5.0.4, allowing HTTP Request Splitting that can poison caches by mishandling Transfer-Encoding. The issue is confirmed in vendor advisories (ALAS2SQUID4-2023-006; ALAS-2020-1453; ALAS2-2020-1548) which recommend updating Squid to fixed build...

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

Ubuntu: Security Advisory (USN-4477-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4477-1: Squid vulnerabilities

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15810 Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker...

CVE-2020-15811

A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Disable the relaxed HTTP parser in...

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

Amazon Linux AMI : python-twisted-web (ALAS-2020-1372)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1372 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set ...

Important: python-twisted-web

Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined...

Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)

The version of python-twisted-web installed on the remote host is prior to 12.1.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1428 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a...

Important: python-twisted-web

Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. CVE-2020-10109 In...

Improper Input Validation in Twisted

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

GHSA-P5XH-VX83-MXCJ HTTP Request Smuggling in Twisted

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...

USN-4308-2: Twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11

Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js version 8 for which multiple vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of...

GLSA-202003-48 : Node.js: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-48 Node.js: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly write arbitrary files,...

Ubuntu 16.04 LTS / 18.04 LTS : Twisted vulnerabilities (USN-4308-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4308-1 advisory. it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to...