CVE-2016-10002

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-10002
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10002.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10002
Downstream
Related
Published
2017-01-27T17:59:00.133Z
Modified
2026-02-24T07:50:53.333944Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
af550ae944efbe50221fa9080d0eb17b724a743e

Affected versions

Other
BASIC_TPROXY4
HISTORIC_RELEASES
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_1_0_1
SQUID_3_1_0_10
SQUID_3_1_0_11
SQUID_3_1_0_12
SQUID_3_1_0_13
SQUID_3_1_0_14
SQUID_3_1_0_15
SQUID_3_1_0_16
SQUID_3_1_0_17
SQUID_3_1_0_18
SQUID_3_1_0_2
SQUID_3_1_0_3
SQUID_3_1_0_4
SQUID_3_1_0_5
SQUID_3_1_0_6
SQUID_3_1_0_7
SQUID_3_1_0_8
SQUID_3_1_0_9
SQUID_3_1_1
SQUID_3_1_10
SQUID_3_1_2
SQUID_3_1_3
SQUID_3_1_4
SQUID_3_1_5
SQUID_3_1_5_1
SQUID_3_1_6
SQUID_3_1_7
SQUID_3_1_8
SQUID_3_1_9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10002.json"