21 matches found
Fix of CVE: CVE-2020-14058, CVE-2020-15049
CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack...
SUSE: Security Advisory (SUSE-SU-2020:14460-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1946-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4895-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4895-1 advisory. Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could...
USN-4895-1 squid, squid3 vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...
USN-4895-1: Squid vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...
NewStart CGSL CORE 5.04 / MAIN 5.04 : squid Multiple Vulnerabilities (NS-SA-2021-0030)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has squid packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2534)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
squid security update
CentOS Errata and Security Advisory CESA-2020:4082 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS 7 : squid (RHSA-2020:4082)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...
RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
ALSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2273)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : squid on SL7.x x86_64 (20201001)
Security Fixes : - squid: HTTP Request Smuggling could result in cache poisoning CVE-2020-15810 - squid: HTTP Request Splitting could result in cache poisoning CVE-2020-15811 - squid: Information Disclosure issue in FTP Gateway CVE-2019-12528 - squid: Improper input validation issues in HTTP...
squid security update
7:3.5.20-17.4 - Resolves: 1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: 1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: 1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1946-1)
This update for squid fixes the following issues : CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...
Fedora 31 : 7:squid (2020-cbebc5617e)
Security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. The...
CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...
CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...