Bug 729760 (CVE-2020-15049) - <net-proxy/squid-4.12: Information disclosure vulnerability (CVE-2020-15049)
Alias: CVE-2020-15049
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on: CVE-2020-14058, CVE-2020-14059, SQUID-2020-5, SQUID-2020-6
Reported: 2020-06-26 17:48 UTC by John Helmert III
Modified: 2020-06-29 18:16 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 17:48:51 UTC

This problem allows a trusted client to perform request smuggling and poison the
HTTP cache contents with crafted HTTP(S) request messages.

This attack requires an upstream server to participate in the smuggling and
generate the poison response sequence. Most popular server software is not
vulnerable to participation in this attack.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 17:50:06 UTC
Maintainer, please call for stabilization when ready.
Comment 2 Tomáš Mózes 2020-06-26 19:40:25 UTC
Used in production, works fine on amd64.
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-06-29 18:16:00 UTC
Parent bug is noglsa, this one as well.