Bug 170410 - CAN-2005-2794 -2917 squid multiple vulnerabilities
Keywords:
Status: CLOSED DUPLICATE of bug 152809
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: squid
Version: rhl7.3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-10-11 13:59 UTC by John Dalbec
Modified: 2007-04-18 17:32 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-11-18 00:36:52 UTC
Embargoed:



Description John Dalbec 2005-10-11 13:59:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.19.16 CVE: Not Available
Platform: Unix
Title: Squid Proxy Unspecified DNS Spoofing
Description: Squid Proxy is a freely available, open source web proxy
software package. Squid Proxy is affected by an unspecified DNS
spoofing vulnerability. Squid Proxy versions 2.5 and earlier are known
to be vulnerable.
Ref: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query 

(2) MODERATE: Multiple Vendor HTTP Request Smuggling
Affected:
Configurations involving a number of popular web proxy/cache servers and
web application firewalls

Description: A new attack technique named "HTTP Request Smuggling" has
been reported to affect configurations that involve one or more web
entities (i.e. a web proxy server, a web cache server or a web
application firewall) between a user and a web server. The attack can
be carried out by crafting back-to-back HTTP requests that are
interpreted differently by the web entities. For example, if an HTTP
request is crafted with two distinct HTTP "Content-Length" headers, the
two web entities may process the same request by honoring either the
first or the last "Content-Length" header. The discoverers have shown
how an attacker can exploit such behaviors by crafting HTTP requests
that may result in web cache poisoning, bypassing the web firewall,
cross-site scripting (requiring no user interaction) or session
hijacking. The vulnerable example configurations listed in the
discoverers' posting include Sun ONE proxy server, Sun ONE webserver,
CheckPoint Firewall, Microsoft IIS server, Microsoft ISA server, Apache,
Jakarta Tomcat server, IBM WebSphere, BEA WebLogic, Oracle9iAS, Squid,
Delegate and Oracle WebCache.

Status: Squid and CheckPoint have distributed patches. The status
regarding other vendors is not currently known.

Council Site Actions: Two council sites are still evaluating if they are
vulnerable. One site has already patched their system.

References:
Watchfire Whitepaper
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf  
SecurityFocus BID
http://www.securityfocus.com/bid/13873 

05.23.14 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor Multiple HTTP Request Smuggling
Description: Multiple vendors are prone to a new class of attack named
"HTTP Request Smuggling". This class of attack basically revolves
around piggybacking a HTTP request inside of another HTTP request. By
leveraging failures to implement the HTTP/1.1 RFC properly, it is
demonstrated that this class of attack may result in cache poisoning,
cross-site scripting, session hijacking and other attacks. Reports
indicate that Microsoft IIS 5.0 is affected.
Ref: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf 

05.37.15 CVE: CAN-2005-2794
Platform: Unix
Title: Squid Proxy Aborted Requests Remote Denial of Service
Description: Squid Proxy is a freely available, open source Web proxy
software package. A remote denial of service vulnerability affects the
Squid Proxy. This issue is due to a failure of the application to
properly handle exceptional network requests. A remote attacker may
leverage this issue to crash the affected Squid Proxy, denying service
to legitimate users.
Ref: http://www.securityfocus.com/bid/14761

05.40.12 CVE: CAN-2005-2917
Platform: Unix
Title: Squid Proxy Client NTLM Authentication Denial of Service
Description: Squid Proxy is a web proxy software package. It is
reported to be vulnerable to a denial of service issue. The issue
presents itself when proxy handles certain NTLM request sequences.
Squid Web Proxy Cache version 2.5.STABLE9 is reported to be
vulnerable.
Ref: http://www.securityfocus.com/bid/14977

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
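
The duplicate "Content-Length" case described in the report above, as an added example that is not part of the original bug report and is not Squid's code: it models a first-wins and a last-wins parser on one constructed request and shows a strict check that rejects the ambiguous framing. The function names and the sample request are assumptions made for illustration.

```python
# Added example: models how two parsers frame one request that carries two
# Content-Length headers, and a strict check that refuses the ambiguity.

# Constructed sample request (not from the bug report): 7-byte body, two lengths.
SAMPLE = (b"POST /form HTTP/1.1\r\n"
          b"Host: example.test\r\n"
          b"Content-Length: 0\r\n"
          b"Content-Length: 7\r\n"
          b"\r\n"
          b"a=1&b=2")

def split_request(raw):
    """Return ([(lowercased name, value), ...], bytes after the header block)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return headers, rest

def lenient_length(headers, pick):
    """Model a lenient parser where the 'first' or 'last' Content-Length wins."""
    values = [v for n, v in headers if n == "content-length"]
    if not values:
        return 0
    return int(values[0] if pick == "first" else values[-1])

def strict_length(headers):
    """Return the body length, or raise ValueError if framing is ambiguous."""
    values = [v for n, v in headers if n == "content-length"]
    if any(not (v.isascii() and v.isdigit()) for v in values):
        raise ValueError("non-numeric Content-Length")
    if len({int(v) for v in values}) > 1:
        raise ValueError("conflicting Content-Length headers")
    return int(values[0]) if values else 0

def leftover_bytes(raw, pick):
    """Bytes a lenient parser would leave on the connection as the 'next request'."""
    headers, rest = split_request(raw)
    return rest[lenient_length(headers, pick):]

if __name__ == "__main__":
    hdrs, _ = split_request(SAMPLE)
    print("first-wins leaves:", leftover_bytes(SAMPLE, "first"))
    print("last-wins leaves: ", leftover_bytes(SAMPLE, "last"))
    try:
        strict_length(hdrs)
    except ValueError as exc:
        print("strict check rejects:", exc)
```

The two lenient models disagree on where the request ends, which is the disagreement between web entities that the advisory text describes; the strict check refuses the request instead of choosing one header.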

Comment 1 David Eisenstein 2005-10-28 08:49:32 UTC
Please see attachment #120495 for a listing of all CVEs covered by Bug #152809
and new bugs that we can deal with in this bug report.  This attachment is
introduced in bug 152809 comment 12.


Comment 2 Marc Deslauriers 2005-11-15 05:17:35 UTC
Wow...that's great work David. Thanks.

Comment 3 David Eisenstein 2005-11-17 09:20:06 UTC
You're welcome.  

Where do we go from here?  Is bug 152809 released?

Comment 4 Marc Deslauriers 2005-11-18 00:36:52 UTC
Let's track this in 152809.

*** This bug has been marked as a duplicate of 152809 ***

