Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

Published

2020-09-02T17:15:11.687

Last Modified

2024-11-21T05:06:13.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-697

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	< 4.13	Yes
Application	squid-cache	squid	< 5.0.4	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	20.04	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	opensuse	leap	15.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html Mailing List, Third Party Advisory ([email protected])
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/ Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210219-0007/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210226-0006/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210226-0007/ Broken Link, Third Party Advisory ([email protected])
https://usn.ubuntu.com/4477-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/4551-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2020/dsa-4751 Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210219-0007/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210226-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210226-0007/ Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4477-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4551-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4751 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)