CVE-2020-15049

CRITICAL

Squid <4.12, 5.x <5.0.3 - SSRF

Title source: llm

Description

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

References (10)

[Patch, Vendor Advisory] http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch

[Patch, Vendor Advisory] http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch

[Third Party Advisory] https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4732

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html

[Vendor Advisory] https://usn.ubuntu.com/4551-1/

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20210312-0001/

Scores

CVSS v3 9.9

EPSS 0.1565

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-444

Status published

Products (3)

fedoraproject/fedora 31

squid-cache/squid 2.7 (9 CPE variants)

squid-cache/squid 2.0 - 2.6

Published Jun 30, 2020

Tracked Since Feb 18, 2026