CVE-2016-10003

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-10003
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10003.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10003
Downstream
Related
Published
2017-01-27T17:59:00.180Z
Modified
2026-03-15T22:03:42.845750Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
76249d3f79580a0fb63d3e91cf6826e297b87d6e
Fixed
4fef4b02fa0fb9892b6add644d30e326ef11a918
Introduced
1243ec712bf76c549ba7f48fcdc30d98ce550449
Fixed
3f422b10d779df353482d0b2b2b8f7f9d03cf593
Database specific 
{
    "versions": [
        {
            "introduced": "3.5.0.1"
        },
        {
            "fixed": "3.5.23"
        },
        {
            "introduced": "4.0.1"
        },
        {
            "fixed": "4.0.17"
        }
    ]
}

Affected versions

Other
SQUID_3_5_0_1
SQUID_3_5_0_2
SQUID_3_5_0_3
SQUID_3_5_0_4
SQUID_3_5_1
SQUID_3_5_10
SQUID_3_5_11
SQUID_3_5_12
SQUID_3_5_13
SQUID_3_5_14
SQUID_3_5_15
SQUID_3_5_16
SQUID_3_5_17
SQUID_3_5_18
SQUID_3_5_19
SQUID_3_5_2
SQUID_3_5_20
SQUID_3_5_21
SQUID_3_5_22
SQUID_3_5_3
SQUID_3_5_4
SQUID_3_5_5
SQUID_3_5_6
SQUID_3_5_7
SQUID_3_5_8
SQUID_3_5_9
SQUID_4_0_1
SQUID_4_0_10
SQUID_4_0_11
SQUID_4_0_12
SQUID_4_0_13
SQUID_4_0_14
SQUID_4_0_15
SQUID_4_0_16
SQUID_4_0_2
SQUID_4_0_3
SQUID_4_0_4
SQUID_4_0_5
SQUID_4_0_6
SQUID_4_0_7
SQUID_4_0_8
SQUID_4_0_9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10003.json"