Bug 729760 (CVE-2020-15049) - <net-proxy/squid-4.12: Information disclosure vulnerability (CVE-2020-15049)
Summary: <net-proxy/squid-4.12: Information disclosure vulnerability (CVE-2020-15049)
Status: RESOLVED FIXED
Alias: CVE-2020-15049
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/squid-cache/squid/...
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on: CVE-2020-14058, CVE-2020-14059, SQUID-2020-5, SQUID-2020-6
Blocks:
Reported: 2020-06-26 17:48 UTC by John Helmert III
Modified: 2020-06-29 18:16 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 17:48:51 UTC
Description:

This problem allows a trusted client to perform request smuggling and poison the
HTTP cache contents with crafted HTTP(S) request messages.

This attack requires an upstream server to participate in the smuggling and
generate the poison response sequence. Most popular server software is not
vulnerable to participation in this attack.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 17:50:06 UTC
Maintainer, please call for stabilization when ready.
Comment 2 Tomáš Mózes 2020-06-26 19:40:25 UTC
Used in production, works fine on amd64.
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-06-29 18:16:00 UTC
Parent bug is noglsa, and so is this one.