CESA-2020:4082 -- centos 7 squidID: oval:org.secpod.oval:def:205677 | Date: (C)2020-11-10 (M)2024-02-08 |
Class: PATCH | Family: unix |
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: HTTP Request Smuggling could result in cache poisoning * squid: HTTP Request Splitting could result in cache poisoning * squid: Information Disclosure issue in FTP Gateway * squid: Improper input validation issues in HTTP Request processing * squid: Buffer overflow in reverse-proxy configurations * squid: Request smuggling and poisoning attack against the HTTP cache * squid: Improper input validation could result in a DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.