CVE-2020-15810: XSS
First published: Mon Aug 24 2020(Updated: )
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/squid | <=4.6-1+deb10u3<=4.6-1<=4.12-1 | 4.13-1 4.6-1+deb10u4 |
| Squid-Cache Squid | <4.13 | |
| Squid-Cache Squid | >=5.0<5.0.4 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| IBM Security Guardium | <=10.5 | |
| IBM Security Guardium | <=10.6 | |
| IBM Security Guardium | <=11.0 | |
| IBM Security Guardium | <=11.1 | |
| IBM Security Guardium | <=11.2 | |
| IBM Security Guardium | <=11.3 | |
| ubuntu/squid | <4.10-1ubuntu1.2 | 4.10-1ubuntu1.2 |
| ubuntu/squid | <4.13-1ubuntu1 | 4.13-1ubuntu1 |
| ubuntu/squid | <4.13-1ubuntu1 | 4.13-1ubuntu1 |
| ubuntu/squid3 | <3.5.27-1ubuntu1.9 | 3.5.27-1ubuntu1.9 |
| ubuntu/squid3 | <3.5.12-1ubuntu7.15 | 3.5.12-1ubuntu7.15 |
| debian/squid | 4.6-1+deb10u7 4.6-1+deb10u10 4.13-10+deb11u2 4.13-10+deb11u3 5.7-2 5.7-2+deb12u1 6.6-1 6.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-15810
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810
- https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
- https://security-tracker.debian.org/tracker/CVE-2020-15811
- https://security-tracker.debian.org/tracker/CVE-2020-24606
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968934
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/
- https://security.netapp.com/advisory/ntap-20210219-0007/
- https://security.netapp.com/advisory/ntap-20210226-0006/
- https://security.netapp.com/advisory/ntap-20210226-0007/
- https://usn.ubuntu.com/4477-1/
- https://usn.ubuntu.com/4551-1/
- https://www.debian.org/security/2020/dsa-4751
- https://launchpad.net/bugs/cve/CVE-2020-15810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/187451
- https://www.ibm.com/support/pages/node/6455281 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/
- https://ubuntu.com/security/notices/USN-4477-1
- https://ubuntu.com/security/notices/USN-4551-1
- https://www.cve.org/CVERecord?id=CVE-2020-15810
- https://nvd.nist.gov/vuln/detail/CVE-2020-15810
- https://github.com/squid-cache/squid/commit/9c8e2a71aa1d3c159a319d9365c346c48dc783a5
- https://ubuntu.com/security/CVE-2020-15810
Frequently Asked Questions
What is the vulnerability ID for this Squid-Cache vulnerability?
The vulnerability ID for this Squid-Cache vulnerability is CVE-2020-15810.
What is the severity of CVE-2020-15810?
CVE-2020-15810 has a severity rating of 9.6 (Critical).
What is the affected software for CVE-2020-15810?
The affected software for CVE-2020-15810 includes Squid versions before 4.13 and 5.x before 5.0.4, as well as IBM Security Guardium versions up to 11.3.
How does CVE-2020-15810 impact HTTP and HTTPS traffic?
CVE-2020-15810 can lead to successful HTTP Request Smuggling attacks against HTTP and HTTPS traffic, resulting in cache poisoning.
Where can I find more information about CVE-2020-15810?
You can find more information about CVE-2020-15810 in the following references: [1](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html), [2](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html), [3](https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m).
- collector/debian-bugs
- alias/CVE-2020-15810
- collector/nvd-index
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/ibm-support
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/squid-cache
- canonical/squid-cache squid
- version/squid-cache squid/5.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3
- package-manager/ubuntu