Description
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
Remediation
References
Related Vulnerabilities
Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.19)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Scripting (1.4)
PHP Numeric Errors Vulnerability (CVE-2010-4409)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.26)
Oracle Database Server CVE-2019-2569 Vulnerability (CVE-2019-2569)