An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid.
www.squid-cache.org/Advisories/SQUID-2016_7.txt
bugzilla.redhat.com/show_bug.cgi?id=1334233