CVE-2020-15049
Published 2020-06-30
CVE-2020-15049: An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed…
Priority: P353, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.71% (92.1th percentile)
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 4.12-1 (bookworm) | squid 4.12-1 (bookworm) |
| fedoraproject | fedora | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | 2.0 – 2.6 | — |
| squid-cache | squid | 3.1 – 3.5.28 | — |
| squid-cache | squid | >= 4.0 < 4.12 | 4.12 |
| squid-cache | squid | >= 5.0 < 5.0.3 | 5.0.3 |
| squid | squid | >= 0 < 4.12-1 | 4.12-1 |
| squid | squid | >= 0 < 4.12-1 | 4.12-1 |
| squid | squid | >= 0 < 4.12-1 | 4.12-1 |
| squid | squid | >= 0 < 4.12-1 | 4.12-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.3 | 4.10-1ubuntu1.3 |
CVSS provenance
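| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 9.9 | CRITICAL | |
| vendor_redhat | | 9.9 | CRITICAL | |
| vendor_ubuntu | | 9.9 | CRITICAL | |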
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2021-03-29·CVSS 9.9
CVE-2020-25097 [CRITICAL] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)
Jianjun Chen discovered that Squid incorrectly validated certain input. A
remote attacker could use this issue to perform HTTP Request Smuggling and
possibly access services forbidden by the security controls.
(CVE-2020-25097)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2020-09-28·CVSS 9.9
CVE-2020-15049 [CRITICAL] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. (CVE-2020-15049)
Amit Klein discovered that Squid incorrectly validated certain data. A
remote attacker could possibly use this issue to perform an HTTP request
smuggling attack, resulting in cache poisoning. (CVE-2020-15810)
Régis Leroy discovered that Squid incorrectly validated certain data. A
remote attacker could possibly use this issue to perform an HTTP request
splitting attack, resulting in cache poisoning. (CVE-2020-15811)
Lubos Uhliarik discovered that Squid incorrectly h
Red Hat
squid: Request smuggling and poisoning attack against the HTTP cache
vendor_redhat·2020-06-26·CVSS 9.9
CVE-2020-15049 [CRITICAL] CWE-444 squid: Request smuggling and poisoning attack against the HTTP cache
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
A flaw was found in squid. A trusted client is able to perform request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Sta
Debian
CVE-2020-15049: squid - An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12...
vendor_debian·2020·CVSS 9.9
CVE-2020-15049 [CRITICAL] CVE-2020-15049: squid - An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12...
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
Scope: local
bookworm: resolved (fixed in 4.12-1)
bullseye: resolved (fixed in 4.12-1)
forky: resolved (fixed in 4.12-1)
sid: resolved (fixed in 4.12-1)
trixie: resolved (fixed in 4.12-1)
OSV
squid, squid3 vulnerabilities
osv·2021-03-29·CVSS 8.8
CVE-2020-15049 [HIGH] squid, squid3 vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)
Jianjun Chen discovered that Squid incorrectly validated certain input. A
remote attacker could use this issue to perform HTTP Request Smuggling and
possibly access services forbidden by the security controls.
(CVE-2020-25097)
OSV
squid3 vulnerabilities
osv·2020-09-28·CVSS 8.8
CVE-2020-15049 [HIGH] squid3 vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. (CVE-2020-15049)
Amit Klein discovered that Squid incorrectly validated certain data. A
remote attacker could possibly use this issue to perform an HTTP request
smuggling attack, resulting in cache poisoning. (CVE-2020-15810)
Régis Leroy discovered that Squid incorrectly validated certain data. A
remote attacker could possibly use this issue to perform an HTTP request
splitting attack, resulting in cache poisoning. (CVE-2020-15811)
Lubos Uhliarik discovered that Squid incorrectly handled certain Cache
Digest response messages sent by trusted
OSV
CVE-2020-15049: An issue was discovered in http/ContentLengthInterpreter
osv·2020-06-30·CVSS 8.8
CVE-2020-15049 [HIGH] CVE-2020-15049: An issue was discovered in http/ContentLengthInterpreter
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-15049 squid: Request smuggling and poisoning attack against the HTTP cache
bugzilla·2020-06-30·CVSS 9.9
CVE-2020-15049 [CRITICAL] CVE-2020-15049 squid: Request smuggling and poisoning attack against the HTTP cache
This problem allows a trusted client to perform request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. Most popular server software is not vulnerable to participation in this attack.
Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1852551]
---
Upstream patches:
Squid 4:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
Squid 5:
http://www.squid-cache.org/Versions/v5/changeset
Bugzilla
CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache [fedora-all]
bugzilla·2020-06-30·CVSS 9.9
CVE-2020-15049 [CRITICAL] CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html
http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/
https://security.netapp.com/advisory/ntap-20210312-0001/
https://usn.ubuntu.com/4551-1/
https://www.debian.org/security/2020/dsa-4732
Published: 2020-06-30