exploitDog

CVE-2020-8449

Опубликовано: 04 фев. 2020

Источник: debian

Описание

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
squid	fixed	4.10-1		package
squid3	removed			package

Примечания

http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)

Связанные уязвимости

CVE-2020-8449

CVSS3: 7.5

ubuntu

больше 5 лет назад

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVE-2020-8449

CVSS3: 4.8

redhat

больше 5 лет назад

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVE-2020-8449

CVSS3: 7.5

nvd

больше 5 лет назад

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

GHSA-rmc2-g977-jr5r

github

около 3 лет назад

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

BDU:2020-02596

CVSS3: 7.5

fstec

больше 5 лет назад

Уязвимость прокси-сервера Squid, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю раскрыть защищаемую информацию