2 matches found
security flaw
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...
squid -- possible cache-poisoning via malformed HTTP responses
The squid patches page notes: This patch makes Squid considerably stricter while parsing the HTTP protocol. A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to b...