Lucene search
+L

21 matches found

CloudLinux
CloudLinux
added 2021/08/25 2:44 p.m.43 views

Fix of CVE: CVE-2020-14058, CVE-2020-15049

CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-15049: fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack...

9.9CVSS2.3AI score0.05706EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2020:14460-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS6.7AI score0.74477EPSS
Exploits1References20
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2020:1946-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS6.9AI score0.05706EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/30 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4895-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4895-1 advisory. Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could...

9.9CVSS6.9AI score0.08161EPSS
Exploits0References3
OSV
OSV
added 2021/03/29 1:5 p.m.8 views

USN-4895-1 squid, squid3 vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...

9.9CVSS6.8AI score0.08161EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2021/03/29 1:5 p.m.148 views

USN-4895-1: Squid vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...

9.9CVSS6.9AI score0.08161EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.33 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : squid Multiple Vulnerabilities (NS-SA-2021-0030)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has squid packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...

9.9CVSS7.3AI score0.7179EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2020/12/15 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2534)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7.7AI score0.05706EPSS
Exploits0References2
Cent OS
Cent OS
added 2020/11/06 10:15 p.m.145 views

squid security update

CentOS Errata and Security Advisory CESA-2020:4082 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.9CVSS6.8AI score0.7179EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2020/11/06 12:0 a.m.134 views

CentOS 7 : squid (RHSA-2020:4082)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...

9.9CVSS7.3AI score0.7179EPSS
Exploits0References8
OSV
OSV
added 2020/11/03 12:32 p.m.39 views

RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...

8.5CVSS9.1AI score0.7179EPSS
Exploits0References19
OSV
OSV
added 2020/11/03 12:32 p.m.31 views

ALSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...

9.9CVSS9.2AI score0.7179EPSS
Exploits0References19
AlmaLinux
AlmaLinux
added 2020/11/03 12:32 p.m.57 views

Moderate: squid:4 security, bug fix, and enhancement update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...

9.9CVSS8.9AI score0.7179EPSS
Exploits0References19
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS8.2AI score0.05706EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.36 views

Scientific Linux Security Update : squid on SL7.x x86_64 (20201001)

Security Fixes : - squid: HTTP Request Smuggling could result in cache poisoning CVE-2020-15810 - squid: HTTP Request Splitting could result in cache poisoning CVE-2020-15811 - squid: Information Disclosure issue in FTP Gateway CVE-2019-12528 - squid: Improper input validation issues in HTTP...

9.9CVSS6.8AI score0.7179EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2020/10/08 12:0 a.m.86 views

squid security update

7:3.5.20-17.4 - Resolves: 1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: 1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: 1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache...

9.9CVSS0.4AI score0.7179EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/07/20 12:0 a.m.33 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:1946-1)

This update for squid fixes the following issues : CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...

9.9CVSS6.7AI score0.05706EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/07/14 12:0 a.m.53 views

Fedora 31 : 7:squid (2020-cbebc5617e)

Security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. The...

9.9CVSS6.7AI score0.05706EPSS
Exploits0References3
OSV
OSV
added 2020/06/30 6:15 p.m.36 views

CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...

8.8CVSS6.6AI score
Exploits0References10
Debian CVE
Debian CVE
added 2020/06/30 5:55 p.m.30 views

CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...

9.9CVSS7.3AI score0.05706EPSS
Exploits0
Rows per page
Query Builder