Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification including (1) multiple Content-Length headers (2) carriage return (CR) characters that are not part of a CRLF pair and (3) header names containing whitespace characters.