Описание
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.5.12-1ubuntu9 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [3.3.8-1ubuntu6.9]] |
| esm-infra/xenial | released | 3.5.12-1ubuntu7.3 |
| precise | released | 3.1.19-1ubuntu3.12.04.8 |
| trusty | released | 3.3.8-1ubuntu6.9 |
| trusty/esm | DNE | trusty was released [3.3.8-1ubuntu6.9] |
| upstream | released | 3.5.23-1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 3.5.12-1ubuntu7.3 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Incorrect processing of responses to If-None-Modified HTTP conditional ...
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3