Home

CVE-2020-25097

Description

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.583

Associated Vulnerability

VulnerabilityOS Platform
squid security update(DSA-4873-1) squid_4.6-1+deb10u5_i386.debLinux
squid security update(DSA-4873-1) squid_4.6-1+deb10u5_amd64.debLinux
Web proxy cache server (USN-4895-1) squid_4.10-1ubuntu1.3_amd64.debLinux
Web proxy cache server (USN-4895-1) squid_4.13-1ubuntu2.1_amd64.debLinux
Web proxy cache server (USN-4895-1) squid_3.5.12-1ubuntu7.16_i386.debLinux
Web proxy cache server (USN-4895-1) squid_3.5.12-1ubuntu7.16_amd64.debLinux
Web proxy cache server (USN-4895-1) squid_3.5.27-1ubuntu1.10_i386.debLinux
Web proxy cache server (USN-4895-1) squid_3.5.27-1ubuntu1.10_amd64.debLinux
Squid update (ELSA-2021-1135) squid-3.5.20-17.el7_9.6.x86_64.rpmLinux
Squid-migration-script update (ELSA-2021-1135) squid-migration-script-3.5.20-17.el7_9.6.x86_64.rpmLinux
Squid-sysvinit update (ELSA-2021-1135) squid-sysvinit-3.5.20-17.el7_9.6.x86_64.rpmLinux
(RHSA-2021:1135) squid security update squid-3.5.20-17.el7_9.6.x86_64.rpmLinux
(RHSA-2021:1135) squid security update squid-migration-script-3.5.20-17.el7_9.6.x86_64.rpmLinux
(RHSA-2021:1135) squid security update squid-sysvinit-3.5.20-17.el7_9.6.x86_64.rpmLinux
(RHSA-2021:1979) squid:4 security update squid-4.11-4.module+el8.4.0+10676+a969168e.2.x86_64.rpmLinux
(RHSA-2021:1979) squid:4 security update squid-debugsource-4.11-4.module+el8.4.0+10676+a969168e.2.x86_64.rpmLinux
Libecap update (ELSA-2021-1979) libecap-1.0.1-2.module+el8.3.0+7819+eb7d4ef6.x86_64.rpmLinux
Libecap-devel update (ELSA-2021-1979) libecap-devel-1.0.1-2.module+el8.3.0+7819+eb7d4ef6.x86_64.rpmLinux
Squid update (ELSA-2021-1979) squid-4.11-4.module+el8.4.0+20173+36853f3f.2.x86_64.rpmLinux
SUSE-SU-2021:1838-1(SUSE Linux Enterprise Server 12-SP5 ) squid-4.15-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:1838-1(SUSE Linux Enterprise Server 12-SP5 ) squid-debuginfo-4.15-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:1838-1(SUSE Linux Enterprise Server 12-SP5 ) squid-debugsource-4.15-4.18.1.x86_64.rpmLinux
(CESA-2021:1135) squid security update squid-3.5.20-17.el7_9.6.x86_64.rpmLinux
(CESA-2021:1135) squid security update squid-migration-script-3.5.20-17.el7_9.6.x86_64.rpmLinux
(CESA-2021:1135) squid security update squid-sysvinit-3.5.20-17.el7_9.6.x86_64.rpmLinux
squid:4 security update (RLSA-2021:1979) libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpmLinux
squid:4 security update (RLSA-2021:1979) libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234