6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
50.7%
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to
incorrect data validation, HTTP Request Splitting attacks may succeed
against HTTP and HTTPS traffic. This leads to cache poisoning. This allows
any client, including browser scripts, to bypass local security and poison
the browser cache and any downstream caches with content from an arbitrary
source. Squid uses a string search instead of parsing the Transfer-Encoding
header to find chunked encoding. This allows an attacker to hide a second
request inside Transfer-Encoding: it is interpreted by Squid as chunked and
split out into a second request delivered upstream. Squid will then deliver
two distinct responses to the client, corrupting any downstream caches.
github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
launchpad.net/bugs/cve/CVE-2020-15811
nvd.nist.gov/vuln/detail/CVE-2020-15811
security-tracker.debian.org/tracker/CVE-2020-15811
ubuntu.com/security/notices/USN-4477-1
ubuntu.com/security/notices/USN-4551-1
www.cve.org/CVERecord?id=CVE-2020-15811
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
50.7%