CVE-2016-10002

Published: 27/01/2017 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 up to and including 3.1.23, 3.2.0.3 up to and including 3.5.22, and 4.0.1 up to and including 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Vulnerable Product

debian debian linux 8.0

squid-cache squid 3.1.12

squid-cache squid 3.1.14

squid-cache squid 3.1.21

squid-cache squid 3.1.22

squid-cache squid 3.1.15

squid-cache squid 3.1.16

squid-cache squid 3.1.10

squid-cache squid 3.1.11

squid-cache squid 3.1.19

squid-cache squid 3.1.20

squid-cache squid 3.1.23

squid-cache squid 3.1.17

squid-cache squid 3.1.18

squid-cache squid 3.2.0.14

squid-cache squid 3.2.0.15

squid-cache squid 3.2.0.6

squid-cache squid 3.2.0.7

squid-cache squid 3.2.13

squid-cache squid 3.2.2

squid-cache squid 3.2.9

squid-cache squid 3.2.14

squid-cache squid 3.2.0.16

squid-cache squid 3.2.0.17

squid-cache squid 3.2.0.18

squid-cache squid 3.2.0.8

squid-cache squid 3.2.0.9

squid-cache squid 3.2.3

squid-cache squid 3.2.4

squid-cache squid 3.2.0.12

squid-cache squid 3.2.0.13

squid-cache squid 3.2.0.4

squid-cache squid 3.2.0.5

squid-cache squid 3.2.11

squid-cache squid 3.2.12

squid-cache squid 3.2.7

squid-cache squid 3.2.8

squid-cache squid 3.2.0.10

squid-cache squid 3.2.0.11

squid-cache squid 3.2.0.19

squid-cache squid 3.2.0.3

squid-cache squid 3.2.1

squid-cache squid 3.2.10

squid-cache squid 3.2.5

squid-cache squid 3.2.6

squid-cache squid 3.3.0.1

squid-cache squid 3.3.13

squid-cache squid 3.3.14

squid-cache squid 3.3.8

squid-cache squid 3.3.9

squid-cache squid 3.3.0.2

squid-cache squid 3.3.0.3

squid-cache squid 3.3.2

squid-cache squid 3.3.3

squid-cache squid 3.3.11

squid-cache squid 3.3.12

squid-cache squid 3.3.6

squid-cache squid 3.3.7

squid-cache squid 3.3.1

squid-cache squid 3.3.10

squid-cache squid 3.3.4

squid-cache squid 3.3.5

squid-cache squid 3.4.10

squid-cache squid 3.4.11

squid-cache squid 3.4.12

squid-cache squid 3.4.0.4

squid-cache squid 3.4.0.1

squid-cache squid 3.4.5

squid-cache squid 3.4.13

squid-cache squid 3.4.14

squid-cache squid 3.4.0.2

squid-cache squid 3.4.0.3

squid-cache squid 3.4.8

squid-cache squid 3.4.9

squid-cache squid 3.4.3

squid-cache squid 3.4.4

squid-cache squid 3.4.6

squid-cache squid 3.4.7

squid-cache squid 3.4.1

squid-cache squid 3.4.2

squid-cache squid 3.5.6

squid-cache squid 3.5.7

squid-cache squid 3.5.15

squid-cache squid 3.5.16

squid-cache squid 3.5.0.1

squid-cache squid 3.5.0.2

squid-cache squid 3.5.8

squid-cache squid 3.5.9

squid-cache squid 3.5.17

squid-cache squid 3.5.18

squid-cache squid 3.5.0.3

squid-cache squid 3.5.0.4

squid-cache squid 3.5.4

squid-cache squid 3.5.5

squid-cache squid 3.5.12

squid-cache squid 3.5.13

squid-cache squid 3.5.14

squid-cache squid 3.5.21

squid-cache squid 3.5.22

squid-cache squid 3.5.3

squid-cache squid 3.5.10

squid-cache squid 3.5.11

squid-cache squid 3.5.19

squid-cache squid 3.5.20

squid-cache squid 3.5.1

squid-cache squid 3.5.2

squid-cache squid 4.0.8

squid-cache squid 4.0.9

squid-cache squid 4.0.1

squid-cache squid 4.0.2

squid-cache squid 4.0.10

squid-cache squid 4.0.11

squid-cache squid 4.0.3

squid-cache squid 4.0.5

squid-cache squid 4.0.7

squid-cache squid 4.0.15

squid-cache squid 4.0.16

squid-cache squid 4.0.12

squid-cache squid 4.0.13

squid-cache squid 4.0.14

squid-cache squid 4.0.4

squid-cache squid 4.0.6

Vendor Advisories

Squid could be made to expose sensitive information over the network ...
Synopsis: Moderate: squid security update. Type/Severity: Security Advisory: Moderate. Topic: An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Moderate: squid34 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Debian Bug report logs - #848493 squid3: CVE-2016-10002: SQUID-2016:11: Information disclosure in HTTP Request processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 17 Dec 2016 15:57:04 UTC; Severity: grave; Tags ...
Debian Bug report logs - #848491 squid3: SQUID-2016:10: Information disclosure in Collapsed Forwarding. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 17 Dec 2016 15:51:02 UTC; Severity: grave; Tags: fixed-upstream, p ...
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private a ...