{
  "threat_severity" : "Moderate",
  "public_date" : "2020-06-26T00:00:00Z",
  "bugzilla" : {
    "description" : "squid: Request smuggling and poisoning attack against the HTTP cache",
    "id" : "1852550",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1852550"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-444",
  "details" : [ "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.", "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "This issue has been rated as having moderate security impact (despite having a higher CVSS score) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is uncommon because most popular software is not vulnerable to participating in this attack. While the vulnerability does exist in squid, it is not easily exploitable and requires the participation of other components on the network.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-30T00:00:00Z",
    "advisory" : "RHSA-2020:4082",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "squid-7:3.5.20-17.el7_9.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4743",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "squid:4-8030020200828070549.30b713e6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid34",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-15049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15049\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" ],
  "name" : "CVE-2020-15049",
  "csaw" : false
}