Test Kennung:	1.3.6.1.4.1.25623.1.0.145600
Kategorie:	Web Servers
Titel:	Squid 2.0 < 4.14, 5.0.1 < 5.0.5 HTTP Request Smuggling Vulnerability
Zusammenfassung:	Squid is prone to an HTTP request smuggling vulnerability.
Beschreibung:	Summary: Squid is prone to an HTTP request smuggling vulnerability. Vulnerability Insight: Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. Affected Software/OS: Squid version 2.0 through 4.13 and 5.0.1 through 5.0.4. Solution: Update to version 4.13, 5.0.5 or later. See the referenced vendor advisory for a workaround. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-25097 Debian Security Information: DSA-4873 (Google Search) https://www.debian.org/security/2021/dsa-4873 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/ https://security.gentoo.org/glsa/202105-14 http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.