Vulnerabilities

CVE-2020-15049

by Fred · 30/06/2020

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+ "-" or an uncommon shell whitespace character prefix to the length field-value.

Date published : 2020-06-30

https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5

https://security.netapp.com/advisory/ntap-20210312-0001/

Similar

Tags: Cybersecurity Alert