cbcvebase.
CVE-2020-15811
published 2020-09-02

CVE-2020-15811: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP…

PriorityP342medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
4.23%
89.8th percentile
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

Affected

18 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiansquid< squid 4.13-1 (bookworm)squid 4.13-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
opensuseleap
opensuseleap
squid-cachesquid< 4.134.13
squid-cachesquid>= 5.0 < 5.0.45.0.4
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.13-14.13-1
squidsquid>= 0 < 4.10-1ubuntu1.24.10-1ubuntu1.2

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
osv8.8HIGH
vendor_ubuntu9.9CRITICAL
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.