ALT-PU-2016-2464-1
Closed vulnerabilities
Published: 2017-01-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- RHSA-2017:0182
- RHSA-2017:0182
- RHSA-2017:0183
- RHSA-2017:0183
- DSA-3745
- DSA-3745
- [oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues
- [oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues
- 94953
- 94953
- 1037513
- 1037513
- http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
- http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
Published: 2017-01-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-10003
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- [oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues
- [oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues
- 94953
- 94953
- 1037512
- 1037512
- http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
- http://www.squid-cache.org/Advisories/SQUID-2016_10.txt