Squid < HTTP Header Injection Vulnerability

Medium Nessus Plugin ID 82530


The remote proxy server is affected by an HTTP header injection vulnerability.


According to its banner, the version of Squid is 0.x, 1.x, 2.x and 3.x earlier than Such versions are potentially affected by an HTTP Header Injection vulnerability. A remote attacker, exploiting this flaw could create a CRLF condition. (CVE-2015-0881)


Upgrade to Squid version or later.

See Also



Plugin Details

Severity: Medium

ID: 82530

File Name: squid_3_1_0_10.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Firewalls

Published: 2015/04/02

Modified: 2015/04/03

Dependencies: 49692

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:squid-cache:squid

Required KB Items: www/squid, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/03/27

Vulnerability Publication Date: 2015/03/27

Reference Information

CVE: CVE-2015-0881

BID: 72703

OSVDB: 118595