An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Apr 2022, 18:04
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202105-14 - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | |
First Time | Netapp Netapp cloud Manager Fedoraproject fedora Fedoraproject |
26 May 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 Apr 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 Apr 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
06 Apr 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Apr 2021, 19:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-444 |
29 Mar 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 5.0 v3 : 8.6 |
25 Mar 2021, 02:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References | | |
References | (MISC) https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6 - Patch, Third Party Advisory | |
References | (MISC) http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch - Mailing List, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
19 Mar 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-19 05:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-25097
Mitre link : CVE-2020-25097
CVE.ORG link : CVE-2020-25097
Products Affected
squid-cache
- squid
debian
- debian_linux
netapp
- cloud_manager
fedoraproject
- fedora