CVE-2020-8449 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-8449?

CVE-2020-8449 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8449?

Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap, Fedoraproject Fedora.

Vulnerability Description

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Squid-Cache	Squid	< 4.10
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.1
Fedoraproject	Fedora	30

Related Weaknesses (CWE)

CWE-668

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.htmlMailing ListThird Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2020_1.txtPatchVendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patchPatchVendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a0PatchVendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patchPatchVendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cPatchVendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202003-34Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0002/Third Party Advisory
https://usn.ubuntu.com/4289-1/Third Party Advisory
https://www.debian.org/security/2020/dsa-4682Third Party Advisory

FAQ

What is CVE-2020-8449?

CVE-2020-8449 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security fil...

How severe is CVE-2020-8449?

CVE-2020-8449 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8449?

Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap, Fedoraproject Fedora.