CVE-2020-15049

2020-06-3000:00:00

ubuntu.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before
4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can
succeed against the HTTP cache. The client sends an HTTP request with a
Content-Length header containing "+\ “-” or an uncommon shell whitespace
character prefix to the length field-value.

Notes

Author	Note
mdeslaur	per upstream, “This attack requires an upstream server to participate in the smuggling and generate the poison response sequence.”

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchsquid< 4.10-1ubuntu1.3UNKNOWN
ubuntu20.10noarchsquid< 4.12-1ubuntu1UNKNOWN
ubuntu21.04noarchsquid< 4.12-1ubuntu1UNKNOWN
ubuntu18.04noarchsquid3< 3.5.27-1ubuntu1.9UNKNOWN
ubuntu16.04noarchsquid3< 3.5.12-1ubuntu7.15UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	squid	< 4.10-1ubuntu1.3	UNKNOWN
ubuntu	20.10	noarch	squid	< 4.12-1ubuntu1	UNKNOWN
ubuntu	21.04	noarch	squid	< 4.12-1ubuntu1	UNKNOWN
ubuntu	18.04	noarch	squid3	< 3.5.27-1ubuntu1.9	UNKNOWN
ubuntu	16.04	noarch	squid3	< 3.5.12-1ubuntu7.15	UNKNOWN