| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Content spoofing |
|
| Description |
| + |
A HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid which splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between client and Squid with attacker controlled content at arbitrary URLs. |
|
| References |
| + |
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt |
| + |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch |
|
| Notes |
|