
CVE-2020-25097

Status Candidate

Overview

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Related Files

Gentoo Linux Security Advisory 202105-14
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-14 - Multiple vulnerabilities have been found in Squid, the worst of which could result in a Denial of Service condition. Versions less than 4.15 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-25097, CVE-2021-28116, CVE-2021-28651, CVE-2021-28652, CVE-2021-28662, CVE-2021-31806, CVE-2021-31807, CVE-2021-31808
MD5 | 5f3e503baedaea2b618cf42a7af8c102

Red Hat Security Advisory 2021-2025-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2025-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-25097
MD5 | 359b864ab2c9e7796d7873182a892117

Red Hat Security Advisory 2021-1979-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1979-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-25097
MD5 | 1701cae075331b6405ac82cae5e4a177

Red Hat Security Advisory 2021-1135-01
Posted Apr 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-25097
MD5 | 9640f7e1296caf3b61e76b29c3fbfccd

Ubuntu Security Notice USN-4895-1
Posted Mar 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4895-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2020-15049, CVE-2020-25097
MD5 | 1cebe622843beb614b653077f5a4fca8

© 2020 Packet Storm. All rights reserved.
