// For flags

CVE-2020-15049

squid: Request smuggling and poisoning attack against the HTTP cache

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

Se detectó un problema en el archivo http/ContentLengthInterpreter.cc en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Un ataque de Trafico No Autorizado de Peticiones y Envenenamiento puede tener éxito contra la memoria caché HTTP. El cliente envía una petición HTTP con un encabezado Content-Length que contiene "+\"-" o un prefijo del carácter espacio en blanco de shell poco común en el valor de campo de longitud

A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-25 CVE Reserved
  • 2020-06-30 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 2.0 <= 2.6
Search vendor "Squid-cache" for product "Squid" and version " >= 2.0 <= 2.6"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 3.1 <= 3.5.28
Search vendor "Squid-cache" for product "Squid" and version " >= 3.1 <= 3.5.28"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 4.0 < 4.12
Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 < 4.12"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 5.0 < 5.0.3
Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.3"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable2
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable3
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable4
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable5
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable6
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable7
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable8
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable9
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected