Input Validation Flaw in Squid Proxy Server by Squid Software
CVE-2020-8449

7.5HIGH

Key Information:

Vendor

Squid-cache

Status
Squid
Vendor
CVE Published:
4 February 2020

What is CVE-2020-8449?

An input validation flaw in Squid Proxy Server allows crafted HTTP requests to bypass existing security filters. This could potentially enable unauthorized access to server resources that were meant to be restricted. The issue arises from the server's improper handling of specific request formats, which can result in unexpected server behavior and exploitation by a malicious actor.

References

http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
x_refsource_MISC
http://www.squid-cache.org/Versions/v4/changesets/squid-4...
x_refsource_MISC
http://www.squid-cache.org/Versions/v3/3.5/changesets/squ...
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.