vulnerability
CentOS Linux: CVE-2020-25097: Important: squid security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 19, 2021 | Apr 9, 2021 | May 25, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 19, 2021
Added
Apr 9, 2021
Modified
May 25, 2023
Description
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Solutions
centos-upgrade-libecapcentos-upgrade-libecap-debuginfocentos-upgrade-libecap-debugsourcecentos-upgrade-libecap-develcentos-upgrade-squidcentos-upgrade-squid-debuginfocentos-upgrade-squid-debugsourcecentos-upgrade-squid-migration-scriptcentos-upgrade-squid-sysvinit
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.