CVE-2020-8449

Опубликовано: 04 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
Mailing List
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
https://security.gentoo.org/glsa/202003-34
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0002/
Third Party Advisory
https://usn.ubuntu.com/4289-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4682
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
Mailing List
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия до 4.10 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08903

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

CVE-2020-8449

CVSS3: 7.5

ubuntu

больше 5 лет назад

CVE-2020-8449

CVSS3: 4.8

redhat

больше 5 лет назад

CVE-2020-8449

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in Squid before 4.10. Due to incorrect input v ...

GHSA-rmc2-g977-jr5r

github

около 3 лет назад

BDU:2020-02596

CVSS3: 7.5

fstec

больше 5 лет назад

Уязвимость прокси-сервера Squid, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 92%

0.08903

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668