CVE-2015-0881
published 2015-02-20CVE-2015-0881: CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a…
PriorityP426medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
4.51%
90.3th percentile
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 4.1-1 (bookworm) | squid 4.1-1 (bookworm) |
| squid-cache | squid | <= 3.1.0.18 | — |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
| squid | squid | >= 0 < 4.1-1 | 4.1-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
squid: CRLF injection flaw permitting HTTP response splitting attacks
vendor_redhat·2015-03-06·CVSS 4.3
CVE-2015-0881 [MEDIUM] CWE-113 squid: CRLF injection flaw permitting HTTP response splitting attacks
squid: CRLF injection flaw permitting HTTP response splitting attacks
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Statement: This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 ships version 3.1.10 and Red Hat Enterprise Linux 7 ships version 3.3.8 of squide, both of which include the fix for this issue.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterpri
Debian
CVE-2015-0881: squid - CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to in...
vendor_debian·2015·CVSS 4.3
CVE-2015-0881 [MEDIUM] CVE-2015-0881: squid - CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to in...
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Scope: local
bookworm: resolved (fixed in 4.1-1)
bullseye: resolved (fixed in 4.1-1)
forky: resolved (fixed in 4.1-1)
sid: resolved (fixed in 4.1-1)
trixie: resolved (fixed in 4.1-1)
GHSA
GHSA-wp8h-3f2r-jqrj: CRLF injection vulnerability in Squid before 3
ghsa_unreviewed·2022-05-17
CVE-2015-0881 [MEDIUM] GHSA-wp8h-3f2r-jqrj: CRLF injection vulnerability in Squid before 3
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
OSV
CVE-2015-0881: CRLF injection vulnerability in Squid before 3
osv·2015-02-20·CVSS 4.3
CVE-2015-0881 [MEDIUM] CVE-2015-0881: CRLF injection vulnerability in Squid before 3
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
No detection rules found.
No public exploits indexed.
2015-02-20
Published