Count: 20

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
RLSA-2020:3623 Important: squid:4 security update | | | almost 5 years ago |
ELSA-2020-3623 ELSA-2020-3623: squid:4 security update (IMPORTANT) | | | almost 5 years ago |
SUSE-SU-2020:2471-1 Security update for squid | | | almost 5 years ago |
SUSE-SU-2020:14590-1 Security update for squid3 | | | more than 4 years ago |
openSUSE-SU-2020:1369-1 Security update for squid | | | almost 5 years ago |
openSUSE-SU-2020:1346-1 Security update for squid | | | almost 5 years ago |
SUSE-SU-2020:2443-1 Security update for squid | | | almost 5 years ago |
SUSE-SU-2020:2442-1 Security update for squid | | | almost 5 years ago |
ELSA-2020-4082 ELSA-2020-4082: squid security update (IMPORTANT) | | | more than 4 years ago |
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. | CVSS3: 6.5 | 0% Low | almost 5 years ago |
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. | CVSS3: 9.6 | 0% Low | almost 5 years ago |
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. | CVSS3: 6.5 | 0% Low | almost 5 years ago |
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ... | CVSS3: 6.5 | 0% Low | almost 5 years ago |
CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. | CVSS3: 6.5 | 0% Low | almost 5 years ago |
CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. | CVSS3: 9.6 | 0% Low | almost 5 years ago |
CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. | CVSS3: 6.5 | 0% Low | almost 5 years ago |
CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ... | CVSS3: 6.5 | 0% Low | almost 5 years ago |
BDU:2020-04148 Vulnerability in the Squid proxy server related to failure to handle CRLF sequences in HTTP headers, allowing an attacker to inject arbitrary HTTP headers | CVSS3: 6.5 | 0% Low | almost 5 years ago |
BDU:2020-04147 Vulnerability in the Squid proxy server related to inconsistent interpretation of HTTP requests, allowing an attacker to carry out cross-site scripting (XSS) attacks | CVSS3: 6.5 | 0% Low | almost 5 years ago |
SUSE-SU-2022:14908-1 Security update for squid | | | more than 3 years ago |