4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
65.1%
Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client.
If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting attack.
Apply an Update
Apply the appropriate update for the version of the software being used.
According to the developer, this vulnerability was addressed in 3.1.0.10-beta and that all stable Squid versions 3.1.x and later are not affected by this vulnerability.