Tuesday, March 23, 2021

Debian: CVE-2020-25097: squid3 -- security update

Description
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Solution(s)
  • debian-upgrade-squid3


  • References
  • https://attackerkb.com/topics/cve-2020-25097
  • CVE - 2020-25097
  • DLA-2598-1




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated