Your submission was sent successfully! Close

CVE-2016-10002

Published: 27 January 2017

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid3
Launchpad, Ubuntu, Debian
precise
Released (3.1.19-1ubuntu3.12.04.8)
trusty Does not exist
(trusty was released [3.3.8-1ubuntu6.9])
upstream
Released (3.5.23-1)
xenial
Released (3.5.12-1ubuntu7.3)
yakkety
Released (3.5.12-1ubuntu8.1)