Felix Hassert

**Name of the Vulnerable Software and Affected Versions** Squid HTTP Proxy versions 3.5.0.1 through 3.5.22 Squid HTTP Proxy versions 4.0.1 through 4.0.16 **Description** The issue arises from an incorrect comparison of HTTP Request headers in the Squid HTTP Proxy, leading to the Collapsed Forwarding feature mistakenly identifying some private responses as suitable for delivery to multiple clients. **Recommendations** For Squid HTTP Proxy versions 3.5.0.1 through 3.5.22, update to a version outside of this range to resolve the issue. For Squid HTTP Proxy versions 4.0.1 through 4.0.16, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the Collapsed Forwarding feature until a patch is available.