Description

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Remediation

References

CVE-2020-8449

Related Vulnerabilities

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25147)

WebLogic CVE-2023-22086 Vulnerability (CVE-2023-22086)

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

Oracle JRE CVE-2012-5086 Vulnerability (CVE-2012-5086)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1860)

Severity

High

Classification

CVE-2020-8449 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities