vulnerability
Red Hat: CVE-2020-25097: CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP request smuggling (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 19, 2021 | Apr 9, 2021 | Feb 20, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 19, 2021
Added
Apr 9, 2021
Modified
Feb 20, 2026
Description
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Solutions
redhat-upgrade-libecapredhat-upgrade-libecap-debuginforedhat-upgrade-libecap-debugsourceredhat-upgrade-libecap-develredhat-upgrade-squidredhat-upgrade-squid-debuginforedhat-upgrade-squid-debugsourceredhat-upgrade-squid-migration-scriptredhat-upgrade-squid-sysvinit
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.