logo
DATABASE RESOURCES PRICING ABOUT US

HTTP Request Smuggling

Description

squid is vulnerable to HTTP request smuggling. An attacker is able to successfully perform request smuggling and poisoning attack against the HTTP cache by sending an HTTP request with a Content-Length header containing `+\ "-` or an uncommon shell whitespace character prefix to the length field-value.


Affected Software


CPE Name Name Version
squid3:bionic 3.5.27-1ubuntu1.8
squid3:bionic 3.5.27-1ubuntu1
squid3:xenial 3.5.12-1ubuntu7.13
squid3:xenial 3.5.12-1ubuntu7.14
squid3:xenial 3.5.12-1ubuntu7
squid 3.5.20__15.el7_8.1
squid 3.5.20__15.el7
squid 3.5.20__12.el7_6.1
squid3:stretch 3.5.23-5+deb9u1
squid:focal 4.10-1ubuntu1
squid:focal 4.10-1ubuntu1.2
squid:edge 4.10-r0
squid:edge 4.11-r0

Related