PT-2020-3785 · Squid+7 · Squid+8

Amit Klein

·

Published

2020-08-24

·

Updated

2024-06-15

·

CVE-2020-15810

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 4.13 Squid versions 5.x prior to 5.0.4
Description: The issue is related to inconsistent interpretation of HTTP requests, which can lead to HTTP Request Smuggling attacks against HTTP and HTTPS traffic, resulting in cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing, Squid relays headers containing whitespace characters to upstream servers, which can be used to ignore the frame length specified in a Content-Length header.
Recommendations: For Squid versions prior to 4.13, update to version 4.13 or later to resolve the issue. For Squid versions 5.x prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider disabling relaxed header parsing to minimize the risk of exploitation.

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

ALT-PU-2020-3116
ALT-PU-2020-3140
ALT-PU-2020-3142
BDU:2020-04147
CESA-2020_3623
CESA-2020_4082
CVE-2020-15810
DLA-2394-1
DSA-4751-1
GHSA-3365-Q9QX-F98M
MGASA-2020-0361
OESA-2021-1092
OPENSUSE-SU-2020:1346-1
OPENSUSE-SU-2020:1369-1
OPENSUSE-SU-2020_1346-1
OPENSUSE-SU-2020_1369-1
OPENSUSE-SU-2024:11403-1
RHSA-2020:3623
RHSA-2020:4082
RHSA-2020_3623
RHSA-2020_4082
RLSA-2020:3623
SUSE-SU-2020:14590-1
SUSE-SU-2020:2442-1
SUSE-SU-2020:2443-1
SUSE-SU-2020:2471-1
SUSE-SU-2020_14590-1
SUSE-SU-2020_2471-1
SUSE-SU-2022:14908-1
SUSE-SU-2022_14908-1
USN-4477-1
USN-4551-1

Affected Products

Alt Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu