Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94953 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037512 | Broken Link Third Party Advisory VDB Entry |
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94953 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037512 | Broken Link Third Party Advisory VDB Entry |
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/12/18/1 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/94953 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1037512 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.squid-cache.org/Advisories/SQUID-2016_10.txt - Patch, Vendor Advisory |
02 Feb 2024, 03:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* |
Information
Published : 2017-01-27 17:59
Updated : 2024-11-21 02:43
NVD link : CVE-2016-10003
Mitre link : CVE-2016-10003
CVE.ORG link : CVE-2016-10003
JSON object : View
Products Affected
squid-cache
- squid
CWE
CWE-697
Incorrect Comparison