MGASA-2020-0428 Updated python-twisted packages fix security vulnerabilities

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks CVE-2020-10108, CVE-2020-10109...

Important: squid

Issue Overview: An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. CVE-2019-12528 An issue was discovered in...

squid security update

CentOS Errata and Security Advisory CESA-2020:4082 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CentOS 7 : squid (RHSA-2020:4082)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. - An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2323)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-2323)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2300)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-2300)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of...

Important: squid

Issue Overview: A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. CVE-2020-15810 A flaw was found ...

squid security update

7:3.5.20-17.4 - Resolves: 1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: 1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: 1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache...

HTTP Request Splitting

squid is vulnerable to HTTP Request Splitting. Insecure parsing of the Transfer-Encoding header allows an attacker to split an HTTP request and perform cache poisoning...

squid: HTTP Request Splitting could result in cache poisoning

A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity...

USN-4551-1 squid3 vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15049 Amit Klein discovered that Squid incorrectly validated...

RHEL 8 : squid:4 (RHSA-2020:3623)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3623 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: HTTP...

NewStart CGSL MAIN 4.05 : python-twisted-web Vulnerability (NS-SA-2020-0054)

The remote NewStart CGSL host, running version MAIN 4.05, has python-twisted-web packages installed that are affected by a vulnerability: - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first heade...

MGASA-2020-0361 Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

Updated squid packages fix security vulnerabilities

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any...

squid:4 security update

libecap squid 7:4.4-8.2 - Resolves: 1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: 1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning 7:4.4-8.1 - Resolves: 1828368 - CVE-2019-12519 squid:...

squid: HTTP Request Splitting could result in cache poisoning

A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A...