CVE-2020-15049

CRITICAL

Squid < 4.12 and 5.x < 5.0.3 - HTTP Request Smuggling via Content-Length Header

Title source: llm
STIX 2.1

Description

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

References (10)

Core 10
Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4732
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4551-1/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210312-0001/

Scores

CVSS v3 9.9
EPSS 0.0571
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-444
Status published
Products (3)
fedoraproject/fedora 31
squid-cache/squid 2.7 (9 CPE variants)
squid-cache/squid 2.0 - 2.6
Published Jun 30, 2020
Tracked Since Feb 18, 2026