CVE-2016-10003

Published: 27 Jan 2017
Source: debian

Description

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| squid3 | fixed | 3.5.23-1 | | package |
| squid3 | not-affected | | jessie | package |
| squid3 | not-affected | | wheezy | package |

Notes

  • Marked as not-affected, vulnerability not present due to the collapsed_forwarding directive being added in 3.5.0.1 only

  • http://www.squid-cache.org/Advisories/SQUID-2016_10.txt

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only)

  • Vulnerable Squid Versions:

  • 3.5.0.1 up to and including 3.5.22

  • 4.0.1 up to and including 4.0.16

  • https://www.openwall.com/lists/oss-security/2016/12/17/1

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 9 years ago

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

CVSS3: 3.7
redhat
about 9 years ago

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

CVSS3: 7.5
nvd
about 9 years ago

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

CVSS3: 7.5
github
more than 3 years ago

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

suse-cvrf
about 9 years ago

Security update for squid