Versions of Squid 3.5.x prior to 3.5.18 are affected by multiple vulnerabilities :
- A flaw is triggered as input is not properly validated when handling HTTP request messages. This may allow a remote attacker to conduct a cache poisoning attack.
- A flaw is triggered as input is not properly sanitized when handling specially crafted host headers. This may allow a remote attacker to bypass same-origin protection mechanisms and cause the program to contact the wrong origin server. This may also poison downstream caches.
- Flaws in pointer handling and reference counting are triggered when handling specially crafted ESI response syntax. This may allow a remote server to cause a denial of service for Squid clients.