CVE-2015-0881 — HTTP Request/Response Splitting in Squid

CWE-113 — HTTP Request/Response Splitting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

4.4%

top 11.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid-cache Squid

Timeline

PublishedFeb 20

Latest updateMay 17

Description

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debiansquid/squid< 4.1-1+3

▶NVDsquid-cache/squid3.1.0.18

🔴Vulnerability Details

GHSA

GHSA-wp8h-3f2r-jqrj: CRLF injection vulnerability in Squid before 3↗2022-05-17

▶

CVEList

CVE-2015-0881: CRLF injection vulnerability in Squid before 3↗2015-02-20

▶

OSV

CVE-2015-0881: CRLF injection vulnerability in Squid before 3↗2015-02-20

▶

📋Vendor Advisories

Red Hat

squid: CRLF injection flaw permitting HTTP response splitting attacks↗2015-03-06

▶

Debian

CVE-2015-0881: squid - CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to in...↗2015

▶

💬Community

Bugzilla

CVE-2015-0881 squid: CRLF injection flaw permitting HTTP response splitting attacks↗2015-03-06

▶