Squid@5.0 Security Vulnerabilities and Issues — Squid@5.0 CVE List

Lucene search

Squid-cacheSquid5.0

8 matches found

CVE•added 2020/04/23 3:15 p.m.•970 views

CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if...

9.8CVSS9.7AI score0.33632EPSS

CVE•added 2020/04/15 8:15 p.m.•573 views

CVE-2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the s...

9.8CVSS9.2AI score0.08996EPSS

CVE•added 2020/06/30 6:15 p.m.•552 views

CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace charac...

9.9CVSS8.4AI score0.07304EPSS

CVE•added 2020/04/15 7:15 p.m.•348 views

CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...

5.9CVSS7.5AI score0.01004EPSS

CVE•added 2020/09/02 5:15 p.m.•305 views

CVE-2020-15810

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the p...

6.5CVSS6.8AI score0.00075EPSS

CVE•added 2020/09/02 5:15 p.m.•276 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the b...

6.5CVSS6.8AI score0.00118EPSS

CVE•added 2020/06/30 7:15 p.m.•256 views

CVE-2020-14058

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because ...

7.5CVSS7.8AI score0.00637EPSS

CVE•added 2020/06/30 7:15 p.m.•145 views

CVE-2020-14059

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

6.5CVSS6.4AI score0.03424EPSS