Vulnerability Details : CVE-2020-8449
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
Products affected by CVE-2020-8449
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-8449
Top countries where our scanners detected CVE-2020-8449
Top open port discovered on systems with this issue: 3128
IPs affected by CVE-2020-8449: 1,283,408
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-8449
EPSS score: 0.74% (probability of exploitation activity in the next 30 days)
Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-8449
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-8449
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8449
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
  [SECURITY] Fedora 31 Update: squid-4.10-3.fc31 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
  [security-announce] openSUSE-SU-2020:0606-1: moderate: Security update f (Mailing List; Third Party Advisory)
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
  (Patch; Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20210304-0002/
  February 2020 Squid Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
  (Patch; Vendor Advisory)
- https://www.debian.org/security/2020/dsa-4682
  Debian -- Security Information -- DSA-4682-1 squid (Third Party Advisory)
- https://security.gentoo.org/glsa/202003-34
  Squid: Multiple vulnerabilities (GLSA 202003-34) — Gentoo security (Third Party Advisory)
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
  (Patch; Vendor Advisory)
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
  (Patch; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
  [SECURITY] [DLA 2278-1] squid3 security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4289-1/
  USN-4289-1: Squid vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
  (Patch; Vendor Advisory)
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
  (Patch; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
  [SECURITY] Fedora 30 Update: squid-4.10-3.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
  [security-announce] openSUSE-SU-2020:0307-1: moderate: Security update f (Mailing List; Third Party Advisory)