Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-15049

Опубликовано: 30 июн. 2020
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 6.5
CVSS3: 9.9

Описание

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

РелизСтатусПримечание
bionic

DNE

devel

released

4.12-1ubuntu1
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

4.10-1ubuntu1.3
focal

released

4.10-1ubuntu1.3
groovy

released

4.12-1ubuntu1
hirsute

released

4.12-1ubuntu1
precise/esm

DNE

trusty

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

3.5.27-1ubuntu1.9
devel

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

3.5.27-1ubuntu1.9
esm-infra/focal

DNE

esm-infra/xenial

not-affected

3.5.12-1ubuntu7.15
focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 94%
0.15653
Средний

6.5 Medium

CVSS2

9.9 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-15049

CVSS3: 8.5
redhat
почти 5 лет назад

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

nvd логотип

CVE-2020-15049

CVSS3: 9.9
nvd
почти 5 лет назад

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

debian логотип

CVE-2020-15049

CVSS3: 9.9
debian
почти 5 лет назад

An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...

suse-cvrf логотип

SUSE-SU-2020:1946-1

suse-cvrf
почти 5 лет назад

Security update for squid

fstec логотип

BDU:2020-04037

CVSS3: 8.8
fstec
почти 5 лет назад

Уязвимость компонента http/ContentLengthInterpreter.cc прокси-сервера Squid, позволяющая нарушителю отравлять содержимое кэша

EPSS

Процентиль: 94%
0.15653
Средний

6.5 Medium

CVSS2

9.9 Critical

CVSS3

Уязвимость CVE-2020-15049