squid-cache squid CVE-2020-11945 vulnerability in Squid Cache and Other Products
Published on April 23, 2020

product logo product logo product logo product logo product logo
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2020-11945

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11945 are published in these products:

Squid Cache Squid
 
Canonical Ubuntu Linux
 
Debian Linux
 
Fedora Project Fedora
 
OpenSuse Leap
 

Exploit Probability

EPSS
28.48%
Percentile
96.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.