what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2020-8449

Status Candidate

Overview

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Related Files

Red Hat Security Advisory 2020-4743-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450
MD5 | 9d6e01336e2e2755764b1fc2058759d5
Red Hat Security Advisory 2020-4082-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4082-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and information leakage vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-12528, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450
MD5 | bfb99e0a2e42bf28a8f75ac63e6b9645
Gentoo Linux Security Advisory 202003-34
Posted Mar 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-34 - Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution. Versions less than 4.10 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-12526, CVE-2019-12528, CVE-2019-18678, CVE-2019-18679, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517
MD5 | 8f7b8d365da0caff859f70562d93266c
Ubuntu Security Notice USN-4289-1
Posted Feb 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4289-1 - Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517
MD5 | 2afaac636a95f7189af1cfe74a67b7b5
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close