CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.002 Low
Percentile: 56.2%

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to
incorrect data validation, HTTP Request Smuggling attacks may succeed
against HTTP and HTTPS traffic. This leads to cache poisoning. This allows
any client, including browser scripts, to bypass local security and poison
the proxy cache and any downstream caches with content from an arbitrary
source. When configured for relaxed header parsing (the default), Squid
relays headers containing whitespace characters to upstream servers. When
this occurs as a prefix to a Content-Length header, the frame length
specified will be ignored by Squid (allowing for a conflicting length to be
used from another Content-Length header) but relayed upstream.
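
The malformed framing described above can be caught by a strict check on the request head before it is relayed. The following is an added example, not code from Squid or from the advisory; the function name `audit_request_head` and both sample requests are constructed for illustration.

```python
import re

# RFC 7230 "token" characters: the only bytes allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def audit_request_head(head: bytes) -> list:
    """Return strict-parsing findings for a raw HTTP/1.1 request head."""
    findings = []
    lengths = []  # every value a lenient parser could read as Content-Length
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    for number, line in enumerate(lines[1:], start=2):  # line 1 is the request line
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append(f"line {number}: no colon in header line")
            continue
        if not TOKEN.fullmatch(name):
            findings.append(f"line {number}: field name {name!r} is not a valid token")
        # Normalise the name the way a relaxed parser might, so a length header
        # disguised by surrounding whitespace is still counted.
        if name.strip(b" \t\r\n\x0b\x0c").lower() == b"content-length":
            lengths.append(value.strip(b" \t"))
    if len(set(lengths)) > 1:
        findings.append("conflicting Content-Length values: "
                        + ", ".join(v.decode("latin-1") for v in lengths))
    return findings

# Constructed sample: the second length header has a whitespace prefix.
SAMPLE_BAD = (b"POST /form HTTP/1.1\r\n"
              b"Host: app.example\r\n"
              b"Content-Length: 5\r\n"
              b" Content-Length: 0\r\n"
              b"\r\n")

# Constructed sample: a well-formed request head.
SAMPLE_OK = (b"POST /form HTTP/1.1\r\n"
             b"Host: app.example\r\n"
             b"Content-Length: 5\r\n"
             b"\r\n")

if __name__ == "__main__":
    for finding in audit_request_head(SAMPLE_BAD):
        print(finding)
```

A front end that rejects any request with findings, rather than relaying it, never forwards the ambiguous framing to an upstream server.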
github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
launchpad.net/bugs/cve/CVE-2020-15810
nvd.nist.gov/vuln/detail/CVE-2020-15810
security-tracker.debian.org/tracker/CVE-2020-15810
ubuntu.com/security/notices/USN-4477-1
ubuntu.com/security/notices/USN-4551-1
www.cve.org/CVERecord?id=CVE-2020-15810