Описание
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| squid | fixed | 4.1-1 | package | |
| squid | no-dsa | squeeze | package | |
| squid | no-dsa | wheezy | package | |
| squid3 | fixed | 3.1.1-1 | package |
Примечания
https://www.openwall.com/lists/oss-security/2015/03/01/2
Patch: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9619.patch
https://jvn.jp/en/jp/JVN64455813/index.html
EPSS
Связанные уязвимости
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
EPSS