Your submission was sent successfully! Close

CVE-2016-10003

Published: 27 January 2017

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid3
Launchpad, Ubuntu, Debian
precise Not vulnerable
(3.1.19-1ubuntu3.12.04.7)
trusty Does not exist
(trusty was not-affected [3.3.8-1ubuntu6.8])
upstream
Released (3.5.23-1)
xenial
Released (3.5.12-1ubuntu7.3)
yakkety
Released (3.5.12-1ubuntu8.1)