
CVE-2016-10002

Published: 16 Dec 2016
Source: redhat
CVSS3: 5.3
CVSS2: 4.3
EPSS: Medium

Description

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Not affected | | |
| Red Hat Enterprise Linux 6 | squid | Will not fix | | |
| Red Hat Enterprise Linux 6 | squid34 | Fixed | RHSA-2017:0183 | 24.01.2017 |
| Red Hat Enterprise Linux 7 | squid | Fixed | RHSA-2017:0182 | 24.01.2017 |


Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1405941 (squid: Information disclosure in HTTP request processing)

EPSS: 0.30071 (Medium), percentile: 97%

CVSS3: 5.3 Medium

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS3: 7.5
nvd
about 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS3: 7.5
debian
about 9 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional ...

CVSS3: 7.5
github
more than 3 years ago

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

oracle-oval
about 9 years ago

ELSA-2017-0183: squid34 security update (MODERATE)
