CVE-2020-25097

Опубликовано: 19 мар. 2021

Источник: nvd

CVSS3: 8.6

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Ссылки

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
Mailing List
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch
Mailing List
Patch
Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/
https://security.gentoo.org/glsa/202105-14
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210727-0010/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4873
Third Party Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
Mailing List
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch
Mailing List
Patch
Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/
https://security.gentoo.org/glsa/202105-14
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210727-0010/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4873
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 4.14 (исключая)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия от 5.0.1 (включая) до 5.0.5 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00889

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-25097

CVSS3: 8.6

ubuntu

больше 4 лет назад

CVE-2020-25097

CVSS3: 8.6

redhat

почти 5 лет назад

CVE-2020-25097

CVSS3: 8.6

debian

больше 4 лет назад

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...

RLSA-2021:1979

rocky

почти 4 года назад

Important: squid:4 security update

ELSA-2021-1979

oracle-oval

около 4 лет назад

ELSA-2021-1979: squid:4 security update (IMPORTANT)

EPSS

Процентиль: 74%

0.00889

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20