CVE-2020-25097

Related Files

Red Hat Security Advisory 2021-1135-01

Posted Apr 8, 2021

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web

systems | linux, redhat

advisories | CVE-2020-25097

MD5 | 9640f7e1296caf3b61e76b29c3fbfccd

Download | Favorite | View

Ubuntu Security Notice USN-4895-1

Posted Mar 30, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4895-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. Various other issues were also addressed.

tags | advisory, remote, web

systems | linux, ubuntu

advisories | CVE-2020-15049, CVE-2020-25097

MD5 | 1cebe622843beb614b653077f5a4fca8

Download | Favorite | View