CVE-2016-10002

Published: 27 Jan 2017
Source: debian
EPSS: Medium

Description

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Packages

Package | Status | Fixed version | Release | Type
squid3 | fixed | 3.5.23-1 | | package

Notes

  • http://www.squid-cache.org/Advisories/SQUID-2016_11.txt

  • http://bugs.squid-cache.org/show_bug.cgi?id=4169

  • http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch

  • http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch

  • http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch

  • http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch

  • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch

  • Vulnerable squid versions:

      • 3.1.10 up to and including 3.1.23

      • 3.2.0.3 up to and including 3.5.22

      • 4.0.1 up to and including 4.0.16

  • https://www.openwall.com/lists/oss-security/2016/12/17/1

EPSS

Percentile: 96%
0.30071
Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS3: 5.3
redhat
almost 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS3: 7.5
nvd
almost 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS3: 7.5
github
more than 3 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

oracle-oval
almost 9 years ago

ELSA-2017-0183: squid34 security update (MODERATE)
