NewStart CGSL CORE 5.04 / MAIN 5.04 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0078)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0118)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...

Updated python-twisted packages fix security vulnerabilities

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks CVE-2020-10108, CVE-2020-10109...

MGASA-2020-0428 Updated python-twisted packages fix security vulnerabilities

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks CVE-2020-10108, CVE-2020-10109...

CentOS 7 : squid (RHSA-2020:4082)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...

EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-2323)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2323)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2300)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-2300)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of...

Important: squid

Issue Overview: A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. CVE-2020-15810 A flaw was found ...

squid security update

7:3.5.20-17.4 - Resolves: 1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: 1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: 1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache...

HTTP Request Splitting

squid is vulnerable to HTTP Request Splitting. Insecure parsing of the Transfer-Encoding header allows an attacker to split an HTTP request and perform cache poisoning...

RHEL 8 : squid:4 (RHSA-2020:3623)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3623 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: HTTP...

NewStart CGSL MAIN 4.05 : python-twisted-web Vulnerability (NS-SA-2020-0054)

The remote NewStart CGSL host, running version MAIN 4.05, has python-twisted-web packages installed that are affected by a vulnerability: - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first heade...

MGASA-2020-0361 Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

squid:4 security update

libecap squid 7:4.4-8.2 - Resolves: 1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: 1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning 7:4.4-8.1 - Resolves: 1828368 - CVE-2019-12519 squid:...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A...

squid:4 security update

An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy caching server for web clients, supporting...

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...