PT-2020-2567 · Squid+7 · Squid+8

Regis Leroy

Published

2020-02-04

Updated

2024-06-15

CVE-2020-8449

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.10

Description The issue exists due to insufficient input validation in the Squid proxy server, allowing a remote attacker to disclose protected information by interpreting crafted HTTP requests in unexpected ways, potentially accessing server resources that are prohibited by earlier security filters.

Recommendations For Squid versions prior to 4.10, update to version 4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive server resources to minimize the risk of exploitation.

Fix

Exposure of Resource to Wrong Sphere

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-20

Related Identifiers

ALSA-2020:4743

ALT-PU-2020-1479

ALT-PU-2020-1494

BDU:2020-02596

CESA-2020_4082

CESA-2020_4743

CVE-2020-8449

DLA-2278-1

DSA-4682-1

MGASA-2020-0106

OPENSUSE-SU-2020:0307-1

OPENSUSE-SU-2020:0606-1

OPENSUSE-SU-2020_0307-1

OPENSUSE-SU-2020_0606-1

OPENSUSE-SU-2024:11403-1

RHSA-2020:4082

RHSA-2020:4743

RHSA-2020_4082

RHSA-2020_4743

RLSA-2020:4743

SUSE-SU-2020:0487-1

SUSE-SU-2020:0493-1

SUSE-SU-2020:0661-1

SUSE-SU-2020:14460-1

USN-4289-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Squid

Squid Cache

Suse

Ubuntu

PT-2020-2567 · Squid+7 · Squid+8

CVE-2020-8449

Weakness Enumeration

Related Identifiers

Affected Products

References · 161