Vulnerability Details : CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
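The difference between searching the Transfer-Encoding value for a substring and parsing it as a list of codings can be checked directly. The following is an added example, not Squid's code or its patch: the function names and sample header values are constructed for illustration, and the strict parser assumes the RFC 7230 list grammar with chunked required as the final coding of a request.

```python
import re

# RFC 7230 "token" characters; a transfer-coding name must be a token.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def naive_is_chunked(value: str) -> bool:
    """Substring search: the style of check the description calls incorrect."""
    return "chunked" in value.lower()

def parse_codings(value: str):
    """Return the lower-cased coding names, or None if the value is malformed.

    Deliberately strict (an assumption of this example): empty list elements
    and anything that is not a plain token name make the whole value invalid,
    so odd values fail closed instead of being guessed at.
    """
    codings = []
    for element in value.split(","):
        name = element.split(";", 1)[0].strip(" \t")  # drop any parameters
        if not TOKEN.fullmatch(name):
            return None
        codings.append(name.lower())
    return codings

def strict_is_chunked(value: str) -> bool:
    """True only if 'chunked' appears exactly once and is the final coding."""
    codings = parse_codings(value)
    return bool(codings) and codings[-1] == "chunked" and codings.count("chunked") == 1

def disagreements(values):
    """Header values on which the two checks reach different conclusions."""
    return [v for v in values if naive_is_chunked(v) != strict_is_chunked(v)]

# Constructed sample Transfer-Encoding values (not taken from real traffic).
SAMPLES = ["chunked", "gzip, chunked", "Chunked", "xchunked", "chunked, gzip", "gzip"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:18} naive={naive_is_chunked(value)!s:5} "
              f"strict={strict_is_chunked(value)}")
    print("flag for review:", disagreements(SAMPLES))
```

Any value returned by `disagreements` is one that two HTTP agents on the same path could frame differently, which makes it a useful signal in proxy logs or a request filter placed in front of an unpatched Squid.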
Exploit prediction scoring system (EPSS) score for CVE-2020-15811
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 %
CVSS scores for CVE-2020-15811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | [email protected] |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | [email protected] |
CWE ids for CVE-2020-15811
- The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. Assigned by: [email protected] (Primary)
References for CVE-2020-15811
- https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4751 (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/ (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/ (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4477-1/ (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210226-0006/ (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/ (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210226-0007/ (Third Party Advisory)
- https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv (Patch; Third Party Advisory)
- https://usn.ubuntu.com/4551-1/ (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210219-0007/ (Third Party Advisory)
Products affected by CVE-2020-15811
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*