gsd-2020-15811
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2020-15811",
    "description": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.",
    "id": "GSD-2020-15811",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-15811.html",
      "https://www.debian.org/security/2020/dsa-4751",
      "https://access.redhat.com/errata/RHSA-2020:4082",
      "https://access.redhat.com/errata/RHSA-2020:3623",
      "https://ubuntu.com/security/CVE-2020-15811",
      "https://advisories.mageia.org/CVE-2020-15811.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-15811.html",
      "https://linux.oracle.com/cve/CVE-2020-15811.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15811"
      ],
      "details": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.",
      "id": "GSD-2020-15811",
      "modified": "2023-12-13T01:21:43.240488Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-15811",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv",
            "refsource": "MISC",
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
          },
          {
            "name": "DSA-4751",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4751"
          },
          {
            "name": "USN-4477-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4477-1/"
          },
          {
            "name": "FEDORA-2020-73af8655eb",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
          },
          {
            "name": "FEDORA-2020-63f3bd656e",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
          },
          {
            "name": "openSUSE-SU-2020:1346",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2020:1369",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
          },
          {
            "name": "FEDORA-2020-6c58bff862",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
          },
          {
            "name": "USN-4551-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4551-1/"
          },
          {
            "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210219-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210226-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210226-0006/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4A9D1D4D-25A3-4B02-86CA-CCC939C70E44",
                    "versionEndExcluding": "4.13",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "84BC35EF-F998-4114-BF16-E77078504004",
                    "versionEndExcluding": "5.0.4",
                    "versionStartIncluding": "5.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                    "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                    "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches."
          },
          {
            "lang": "es",
            "value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4.\u0026#xa0;Debido a la comprobaci\u00f3n de datos incorrecta, los ataques de Divisi\u00f3n de Peticiones HTTP pueden tener \u00e9xito contra el tr\u00e1fico HTTP y HTTPS.\u0026#xa0;Esto conlleva al envenenamiento de la cach\u00e9.\u0026#xa0;Esto permite a cualquier cliente, incluyendo los scripts del navegador, omitir la seguridad local y envenenar la cach\u00e9 del navegador y cualquier cach\u00e9 aguas abajo con contenido de una fuente arbitraria.\u0026#xa0;Squid usa una b\u00fasqueda de cadenas en lugar de analizar el encabezado Transfer-Encoding para encontrar codificaci\u00f3n fragmentada.\u0026#xa0;Esto permite a un atacante ocultar  una segunda petici\u00f3n dentro de Transfer-Encoding: Squid la interpreta como fragmentada y dividida en una segunda petici\u00f3n entregada en sentido ascendente.\u0026#xa0;Squid luego entregar\u00e1 dos respuestas distintas al cliente, corrompiendo cualquier cach\u00e9 aguas abajo"
          }
        ],
        "id": "CVE-2020-15811",
        "lastModified": "2024-02-02T03:04:21.970",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2020-09-02T17:15:11.687",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://usn.ubuntu.com/4477-1/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://usn.ubuntu.com/4551-1/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4751"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-697"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.