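Vulnerability Details
Squid Environment Issue Vulnerability
- CNNVD ID: CNNVD-202103-1218
- Severity: High
- CVE ID: CVE-2020-25097
- Vulnerability type: Environment issue
- Published: 2021-03-19
- Threat type: Remote
- Updated: 2022-03-08
- Vendor:
- Vulnerability source: Red Hat
Vulnerability Summary
Squid is a proxy server and web cache server package. It provides web caching, traffic filtering, proxied internet access, and related functions.
Squid through 4.13 and 5.x through 5.0.4 has an environment issue vulnerability. The vulnerability stems from improper input validation, which allows a trusted client to perform HTTP request smuggling and access services forbidden by the security controls.
Vulnerability Advisory
The vendor has not yet released a fix for this security issue. Users of this software are advised to keep watching the vendor's home page or the reference URLs for a solution: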
http://www.squid-cache.org/
Reference URLs
Source: MISC
Link: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch
Source: MISC
Link: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
Source: DEBIAN
Link: https://www.debian.org/security/2021/dsa-4873
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/
Source: MISC
Link: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Source: GENTOO
Link: https://security.gentoo.org/glsa/202105-14
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210727-0010/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052214
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162791/Gentoo-Linux-Security-Advisory-202105-14.HTML
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162024/Ubuntu-Security-Notice-USN-4895-1.HTML
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021053004
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1938
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052636
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0996
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25097
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Squid-information-disclosure-via-HTTP-Request-Smuggling-34888
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1677
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0967
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021041802
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1077
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162692/Red-Hat-Security-Advisory-2021-1979-01.HTML
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021041206
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2114
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162134/Red-Hat-Security-Advisory-2021-1135-01.HTML
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1199
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1771
Affected Entities
None
Patches
None