CVE-2016-10002

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
debiandebian_linux
8.0
squid-cachesquid
3.1.10
squid-cachesquid
3.1.11
squid-cachesquid
3.1.12
squid-cachesquid
3.1.14
squid-cachesquid
3.1.15
squid-cachesquid
3.1.16
squid-cachesquid
3.1.17
squid-cachesquid
3.1.18
squid-cachesquid
3.1.19
squid-cachesquid
3.1.20
squid-cachesquid
3.1.21
squid-cachesquid
3.1.22
squid-cachesquid
3.1.23
squid-cachesquid
3.2.0.3
squid-cachesquid
3.2.0.4
squid-cachesquid
3.2.0.5
squid-cachesquid
3.2.0.6
squid-cachesquid
3.2.0.7
squid-cachesquid
3.2.0.8
squid-cachesquid
3.2.0.9
squid-cachesquid
3.2.0.10
squid-cachesquid
3.2.0.11
squid-cachesquid
3.2.0.12
squid-cachesquid
3.2.0.13
squid-cachesquid
3.2.0.14
squid-cachesquid
3.2.0.15
squid-cachesquid
3.2.0.16
squid-cachesquid
3.2.0.17
squid-cachesquid
3.2.0.18
squid-cachesquid
3.2.0.19
squid-cachesquid
3.2.1
squid-cachesquid
3.2.2
squid-cachesquid
3.2.3
squid-cachesquid
3.2.4
squid-cachesquid
3.2.5
squid-cachesquid
3.2.6
squid-cachesquid
3.2.7
squid-cachesquid
3.2.8
squid-cachesquid
3.2.9
squid-cachesquid
3.2.10
squid-cachesquid
3.2.11
squid-cachesquid
3.2.12
squid-cachesquid
3.2.13
squid-cachesquid
3.2.14
squid-cachesquid
3.3.0.1
squid-cachesquid
3.3.0.2
squid-cachesquid
3.3.0.3
squid-cachesquid
3.3.1
squid-cachesquid
3.3.2
squid-cachesquid
3.3.3
squid-cachesquid
3.3.4
squid-cachesquid
3.3.5
squid-cachesquid
3.3.6
squid-cachesquid
3.3.7
squid-cachesquid
3.3.8
squid-cachesquid
3.3.9
squid-cachesquid
3.3.10
squid-cachesquid
3.3.11
squid-cachesquid
3.3.12
squid-cachesquid
3.3.13
squid-cachesquid
3.3.14
squid-cachesquid
3.4.0.1
squid-cachesquid
3.4.0.2
squid-cachesquid
3.4.0.3
squid-cachesquid
3.4.0.4
squid-cachesquid
3.4.1
squid-cachesquid
3.4.2
squid-cachesquid
3.4.3
squid-cachesquid
3.4.4
squid-cachesquid
3.4.5
squid-cachesquid
3.4.6
squid-cachesquid
3.4.7
squid-cachesquid
3.4.8
squid-cachesquid
3.4.9
squid-cachesquid
3.4.10
squid-cachesquid
3.4.11
squid-cachesquid
3.4.12
squid-cachesquid
3.4.13
squid-cachesquid
3.4.14
squid-cachesquid
3.5.0.1
squid-cachesquid
3.5.0.2
squid-cachesquid
3.5.0.3
squid-cachesquid
3.5.0.4
squid-cachesquid
3.5.1
squid-cachesquid
3.5.2
squid-cachesquid
3.5.3
squid-cachesquid
3.5.4
squid-cachesquid
3.5.5
squid-cachesquid
3.5.6
squid-cachesquid
3.5.7
squid-cachesquid
3.5.8
squid-cachesquid
3.5.9
squid-cachesquid
3.5.10
squid-cachesquid
3.5.11
squid-cachesquid
3.5.12
squid-cachesquid
3.5.13
squid-cachesquid
3.5.14
squid-cachesquid
3.5.15
squid-cachesquid
3.5.16
squid-cachesquid
3.5.17
squid-cachesquid
3.5.18
squid-cachesquid
3.5.19
squid-cachesquid
3.5.20
squid-cachesquid
3.5.21
squid-cachesquid
3.5.22
squid-cachesquid
4.0.1
squid-cachesquid
4.0.2
squid-cachesquid
4.0.3
squid-cachesquid
4.0.4
squid-cachesquid
4.0.5
squid-cachesquid
4.0.6
squid-cachesquid
4.0.7
squid-cachesquid
4.0.8
squid-cachesquid
4.0.9
squid-cachesquid
4.0.10
squid-cachesquid
4.0.11
squid-cachesquid
4.0.12
squid-cachesquid
4.0.13
squid-cachesquid
4.0.14
squid-cachesquid
4.0.15
squid-cachesquid
4.0.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid3
yakkety
Fixed 3.5.12-1ubuntu8.1
released
xenial
Fixed 3.5.12-1ubuntu7.3
released
trusty
Fixed 3.3.8-1ubuntu6.9
released
precise
Fixed 3.1.19-1ubuntu3.12.04.8
released
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2017-0182.html
http://rhn.redhat.com/errata/RHSA-2017-0183.html
http://www.debian.org/security/2016/dsa-3745
http://www.openwall.com/lists/oss-security/2016/12/18/1
http://www.securityfocus.com/bid/94953
http://www.securitytracker.com/id/1037513
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
http://rhn.redhat.com/errata/RHSA-2017-0182.html
http://rhn.redhat.com/errata/RHSA-2017-0183.html
http://www.debian.org/security/2016/dsa-3745
http://www.openwall.com/lists/oss-security/2016/12/18/1
http://www.securityfocus.com/bid/94953
http://www.securitytracker.com/id/1037513
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt