logo
DATABASE RESOURCES PRICING ABOUT US

Squid vulnerabilities

Description

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049) Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810) Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811) Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606)


Affected Package


OS OS Version Package Name Package Version
Ubuntu 18.04 squid 3.5.27-1ubuntu1.9
Ubuntu 18.04 squid-cgi 3.5.27-1ubuntu1.9
Ubuntu 18.04 squid-common 3.5.27-1ubuntu1.9
Ubuntu 18.04 squid-dbg 3.5.27-1ubuntu1.9
Ubuntu 18.04 squid-purge 3.5.27-1ubuntu1.9
Ubuntu 18.04 squid3 3.5.27-1ubuntu1.9
Ubuntu 18.04 squidclient 3.5.27-1ubuntu1.9
Ubuntu 16.04 squid 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-cgi 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-cgi-dbgsym 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-common 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-dbg 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-dbgsym 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-purge 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid-purge-dbgsym 3.5.12-1ubuntu7.15
Ubuntu 16.04 squid3 3.5.12-1ubuntu7.15
Ubuntu 16.04 squidclient 3.5.12-1ubuntu7.15
Ubuntu 16.04 squidclient-dbgsym 3.5.12-1ubuntu7.15

Related