Description
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
Remediation
References
Related Vulnerabilities
Apache version older than 1.3.31
WordPress Plugin Custom Login Page Customizer-LoginPress Unspecified Vulnerability (1.1.15)
XWiki Incomplete Cleanup Vulnerability (CVE-2023-36468)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)
Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)