Download
| Alert*
oval:org.secpod.oval:def:2106330
Oracle Solaris 11 - ( CVE-2020-24606 ) oval:org.secpod.oval:def:705597 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:1601211 An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users" sessions or non-Squid processes. An issue was discovered in http/ContentLengthInterpreter.cc in Squid before ... oval:org.secpod.oval:def:89000155 This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability . - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses . - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability . oval:org.secpod.oval:def:705671 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89000593 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:604995 Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling and denial of service when processing crafted cache digest responses messages. oval:org.secpod.oval:def:89000691 This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:89000433 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:1700409 A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. A flaw was found in squid. Due to incorrect data va ... oval:org.secpod.oval:def:504356 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: HTTP Request Smuggling could result in cache poisoning * squid: HTTP Request Splitting could result in cache poisoning * squid: Information Disclosure issue in FT ... oval:org.secpod.oval:def:1503058 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801752 Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTT ... oval:org.secpod.oval:def:66744 Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling and denial of service when processing crafted cache digest responses messages. oval:org.secpod.oval:def:118677 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:118675 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:205677 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: HTTP Request Smuggling could result in cache poisoning * squid: HTTP Request Splitting could result in cache poisoning * squid: Information Disclosure issue in FT ... oval:org.secpod.oval:def:1701778 A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. A flaw was found in squid. Due to incorrect data va ... oval:org.secpod.oval:def:67144 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:67088 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:1505298 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500091 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:68001 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: Improper input validation in request allows for proxy manipulation * squid: Off-by- ... oval:org.secpod.oval:def:504724 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: Improper input validation in request allows for proxy manipulation * squid: Off-by- ... oval:org.secpod.oval:def:97559 [CLSA-2021:1632262221] Fixed 9 CVEs in squid34 |