What is CVE-2020-8449?

CVE-2020-8449 is a vulnerability in Squid that allows a remote attacker to obtain sensitive information.

What is the severity of CVE-2020-8449?

CVE-2020-8449 has a severity rating of 7.5 (High).

How does CVE-2020-8449 work?

CVE-2020-8449 exploits improper input validation in Squid by sending a specially-crafted HTTP request to obtain server resources information.

Which versions of Squid are affected by CVE-2020-8449?

Squid versions before 4.10 are affected by CVE-2020-8449.

How can I fix CVE-2020-8449?

To fix CVE-2020-8449, update Squid to version 4.10 or later.

Vulnerability/
CVE-2020-8449

high

7.5

CWE

20 668

4/2/2020

4/8/2024

CVE-2020-8449: Input Validation

First published: Tue Feb 04 2020(Updated: )

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Squid-Cache Squid	<4.10
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.10
openSUSE Leap	=15.1
Fedoraproject Fedora	=30
Fedoraproject Fedora	=31
IBM Security Guardium	<=10.5
IBM Security Guardium	<=10.6
IBM Security Guardium	<=11.0
IBM Security Guardium	<=11.1
IBM Security Guardium	<=11.2
IBM Security Guardium	<=11.3
debian/squid		4.13-10+deb11u3 5.7-2+deb12u2 6.10-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6455281

Frequently Asked Questions

What is CVE-2020-8449?
CVE-2020-8449 is a vulnerability in Squid that allows a remote attacker to obtain sensitive information.
What is the severity of CVE-2020-8449?
CVE-2020-8449 has a severity rating of 7.5 (High).
How does CVE-2020-8449 work?
CVE-2020-8449 exploits improper input validation in Squid by sending a specially-crafted HTTP request to obtain server resources information.
Which versions of Squid are affected by CVE-2020-8449?
Squid versions before 4.10 are affected by CVE-2020-8449.
How can I fix CVE-2020-8449?
To fix CVE-2020-8449, update Squid to version 4.10 or later.

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/remedy
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/trending
vendor/squid-cache
canonical/squid-cache squid
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/30
version/fedoraproject fedora/31
vendor/ibm
canonical/ibm security guardium
version/ibm security guardium/10.5
version/ibm security guardium/10.6
version/ibm security guardium/11.0
version/ibm security guardium/11.1
version/ibm security guardium/11.2
version/ibm security guardium/11.3
package-manager/debian

CVE-2020-8449: Input Validation

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2020-8449?

What is the severity of CVE-2020-8449?

How does CVE-2020-8449 work?

Which versions of Squid are affected by CVE-2020-8449?

How can I fix CVE-2020-8449?

Company

Resources

Contact