cbcvebase.
CVE-2020-15810
published 2020-09-02

CVE-2020-15810: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP…

PriorityP341medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
2.53%
82.9th percentile
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.

Affected

18 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiansquid< squid 4.13-1 (bookworm)squid 4.13-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
opensuseleap
opensuseleap
squid-cachesquid< 4.134.13
squid-cachesquid>= 5.0 < 5.0.45.0.4
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.10-1ubuntu1.24.10-1ubuntu1.2

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv8.8HIGH
vendor_ubuntu9.9CRITICAL
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.