{"id":38751,"date":"2020-09-29T01:41:05","date_gmt":"2020-09-28T16:41:05","guid":{"rendered":"https:\/\/jirak.net\/wp\/usn-4551-1-squid-vulnerabilities\/"},"modified":"2020-09-29T03:34:06","modified_gmt":"2020-09-28T18:34:06","slug":"usn-4551-1-squid-vulnerabilities","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/usn-4551-1-squid-vulnerabilities\/","title":{"rendered":"USN-4551-1: Squid vulnerabilities"},"content":{"rendered":"

USN-4551-1: Squid vulnerabilities<\/p>\n

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
\ncertain Content-Length headers. A remote attacker could possibly use this
\nissue to perform an HTTP request smuggling attack, resulting in cache
\npoisoning. (CVE-2020-15049)<\/p>\n

Amit Klein discovered that Squid incorrectly validated certain data. A
\nremote attacker could possibly use this issue to perform an HTTP request
\nsmuggling attack, resulting in cache poisoning. (CVE-2020-15810)<\/p>\n

R\u00e9gis Leroy discovered that Squid incorrectly validated certain data. A
\nremote attacker could possibly use this issue to perform an HTTP request
\nsplitting attack, resulting in cache poisoning. (CVE-2020-15811)<\/p>\n

Lubos Uhliarik discovered that Squid incorrectly handled certain Cache
\nDigest response messages sent by trusted peers. A remote attacker could
\npossibly use this issue to cause Squid to consume resources, resulting in a
\ndenial of service. (CVE-2020-24606)
\nSource: USN-4551-1: Squid vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

USN-4551-1: Squid vulnerabilities Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049) Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810) R\u00e9gis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811) Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606) Source: USN-4551-1: Squid vulnerabilities<\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-38751","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=38751"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38751\/revisions"}],"predecessor-version":[{"id":38752,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38751\/revisions\/38752"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=38751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=38751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=38751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}