CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References
Link Resource
http://www.openwall.com/lists/oss-security/2016/12/18/1 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/94953 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037512 Broken Link Third Party Advisory VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/12/18/1 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/94953 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037512 Broken Link Third Party Advisory VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:43

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/12/18/1 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/12/18/1 - Mailing List, Patch, Third Party Advisory
References () http://www.securityfocus.com/bid/94953 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/94953 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1037512 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1037512 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.squid-cache.org/Advisories/SQUID-2016_10.txt - Patch, Vendor Advisory () http://www.squid-cache.org/Advisories/SQUID-2016_10.txt - Patch, Vendor Advisory

02 Feb 2024, 03:03

Type Values Removed Values Added
CPE cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
CPE cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Information

Published : 2017-01-27 17:59

Updated : 2024-11-21 02:43


NVD link : CVE-2016-10003

Mitre link : CVE-2016-10003

CVE.ORG link : CVE-2016-10003


JSON object : View

Products Affected

squid-cache

  • squid
CWE
CWE-697

Incorrect Comparison