CVE-2020-15811

Priority
Description
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to
incorrect data validation, HTTP Request Splitting attacks may succeed
against HTTP and HTTPS traffic. This leads to cache poisoning. This allows
any client, including browser scripts, to bypass local security and poison
the browser cache and any downstream caches with content from an arbitrary
source. Squid uses a string search instead of parsing the Transfer-Encoding
header to find chunked encoding. This allows an attacker to hide a second
request inside Transfer-Encoding: it is interpreted by Squid as chunked and
split out into a second request delivered upstream. Squid will then deliver
two distinct responses to the client, corrupting any downstream caches.
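The difference between a substring search and real parsing of the Transfer-Encoding value, as an added example (not Squid's code and not the upstream patch). The function names, the sample values and the strict accept policy (bare tokens only, "chunked" exactly once and last) are assumptions made for this illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Weak check, the flaw class the description names: any occurrence of the
// substring "chunked" in the field value is treated as chunked framing.
bool substringSaysChunked(const std::string &value) {
    return lower(value).find("chunked") != std::string::npos;
}

enum class Verdict { Chunked, Reject };

// Strict check (assumed policy for this example): every comma-separated
// element must be a bare RFC 7230 token, and "chunked" must appear exactly
// once, as the final coding. Anything else is rejected rather than guessed at.
Verdict parseTransferEncoding(const std::string &value) {
    static const std::string tchar =
        "!#$%&'*+-.^_`|~0123456789abcdefghijklmnopqrstuvwxyz";
    const auto npos = std::string::npos;
    std::string last;
    int chunkedCount = 0;
    for (std::string::size_type start = 0;;) {
        const auto comma = value.find(',', start);
        std::string tok = value.substr(start, comma == npos ? npos : comma - start);
        const auto b = tok.find_first_not_of(" \t");
        if (b == npos) return Verdict::Reject;  // empty list element
        tok = lower(tok.substr(b, tok.find_last_not_of(" \t") - b + 1));
        if (tok.find_first_not_of(tchar) != npos) return Verdict::Reject;  // not a token
        if (tok == "chunked") ++chunkedCount;
        last = tok;
        if (comma == npos) break;
        start = comma + 1;
    }
    return (chunkedCount == 1 && last == "chunked") ? Verdict::Chunked : Verdict::Reject;
}

int main() {  // constructed sample field values, not taken from any capture
    for (const char *v : {"chunked", "gzip, chunked", "xchunked", "chunked, gzip"})
        std::cout << v << ": substring=" << substringSaysChunked(v) << " strict="
                  << (parseTransferEncoding(v) == Verdict::Chunked) << "\n";
}
```

Any value where the two checks disagree is one that a substring-based intermediary and a parsing peer would frame differently, which is the condition the description ties to request splitting.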
Assigned-to
mdeslaur
Notes
Package
Source: squid (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): released (4.10-1ubuntu1.2)
Ubuntu 20.10 (Groovy Gorilla): released (4.13-1ubuntu1)
Patches:
Upstream: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
Upstream: https://github.com/squid-cache/squid/commit/fd68382860633aca92065e6c343cfd1b12b126e7
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-09-18 04:39:52 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)