182 matches found
PYSEC-2021-129
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
Web Cache Poisoning
Overview: Affected versions of this package are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with defaul...
HTTP Request Smuggling
Squid is vulnerable to HTTP request smuggling. An attacker is able to smuggle HTTP requests due to insecure data validation in the Content-Length header. This vulnerability allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches...
CVE-2020-15810
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
CVE-2020-15810
CVE-2020-15810 affects Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling may succeed against HTTP/HTTPS traffic, leading to cache poisoning and the ability for arbitrary content to be served from upstream caches. When relaxed header parsing is enable...
Debian: Security Advisory (DSA-4751-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 4751-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4751-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 27, 2020 https://www.debian.org/security/faq -...
USN-4446-1: Squid vulnerabilities
Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...
Information disclosure
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end...
CVE-2020-10110
Citrix Gateway versions 11.1, 12.0 and 12.1 are referenced as affected by an Information Exposure Through Caching issue. The Red Hat/CVE and other connected records describe the vulnerability as exposure via cache headers, specifically the Via and Age headers, used in proxy caching, with Citrix d...
CVE-2020-10110
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end...
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...
[SECURITY] [DSA 4507-1] squid security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a...
EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers...
Mail.ru: Web Cache Poisoning
Reverse proxy cache poisoning via host header content could lead to stored XSS in uxui.geekbrains.ru...
Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721)
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
SUSE-SU-2018:1122-1 security update for squid
This update fixes the following issues: - CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability (bsc#1090089)...