Veracode Vulnerability DatabaseVERACODE:27294HTTP Request Splitting
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
squid is vulnerable to HTTP Request Splitting. Insecure parsing of the Transfer-Encoding header allows an attacker to split an HTTP request and perform cache poisoning.
References
lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html
access.redhat.com/errata/RHSA-2020:4082
access.redhat.com/security/updates/classification/#important
github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
lists.debian.org/debian-lts-announce/2020/10/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/
lists.fedoraproject.org/archives/list/[email protected]/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/
lists.fedoraproject.org/archives/list/[email protected]/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/
security.netapp.com/advisory/ntap-20210219-0007/
security.netapp.com/advisory/ntap-20210226-0006/
security.netapp.com/advisory/ntap-20210226-0007/
usn.ubuntu.com/4477-1/
usn.ubuntu.com/4551-1/
www.debian.org/security/2020/dsa-4751
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N