PT-2020-3689 · Squid+8 · Squid+9

Alex Rousskov

+1

·

Published

2020-06-30

·

Updated

2024-06-15

·

CVE-2020-15049

CVSS v3.1

9.9

Critical

VectorAC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.12 Squid versions 5.x prior to 5.0.3
Description An issue in the http/ContentLengthInterpreter.cc component of Squid allows for a Request Smuggling and Poisoning attack against the HTTP cache. This can be achieved by sending an HTTP request with a Content-Length header containing specific characters, such as "+-" or uncommon shell whitespace character prefixes to the length field-value. The attack can be exploited by a remote attacker to poison the cache content using a specially crafted HTTP(S) request.
Recommendations For Squid versions prior to 4.12, update to version 4.12 or later to resolve the issue. For Squid versions 5.x prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the http/ContentLengthInterpreter.cc component until a patch is available.

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

ALSA-2020:4743
ALT-PU-2020-3116
ALT-PU-2020-3140
ALT-PU-2020-3142
BDU:2020-04037
CESA-2020_4082
CESA-2020_4743
CVE-2020-15049
DLA-2394-1
DSA-4732-1
GHSA-QF3V-RC95-96J5
OESA-2021-1092
OPENSUSE-SU-2020:1346-1
OPENSUSE-SU-2020:1369-1
OPENSUSE-SU-2020_1346-1
OPENSUSE-SU-2020_1369-1
OPENSUSE-SU-2024:11403-1
RHSA-2020:4082
RHSA-2020:4743
RHSA-2020_4082
RHSA-2020_4743
RLSA-2020:4743
SUSE-SU-2020:14460-1
SUSE-SU-2020:1946-1
SUSE-SU-2020:2442-1
SUSE-SU-2020:2443-1
SUSE-SU-2020_1946-1
SUSE-SU-2020_2442-1
SUSE-SU-2020_2443-1
USN-4551-1
USN-4895-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu