1. Home
  2. Vulnerabilities
  3. CVE-2016-10002

CVE-2016-10002

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.46 % (76th)
0.46% Progress
Affected Products 2
Advisories 12
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-01-27 17:59:00
(7 years ago)
Updated Date
2018-01-05 02:30:31
(6 years ago)

Affected Products

Debian

Squid-cache

Configuration #1

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #2

    CPE23 From Up To
  Squid-cache Squid 3.1.10 cpe:2.3:a:squid-cache:squid:3.1.10
  Squid-cache Squid 3.1.11 cpe:2.3:a:squid-cache:squid:3.1.11
  Squid-cache Squid 3.1.12 cpe:2.3:a:squid-cache:squid:3.1.12
  Squid-cache Squid 3.1.14 cpe:2.3:a:squid-cache:squid:3.1.14
  Squid-cache Squid 3.1.15 cpe:2.3:a:squid-cache:squid:3.1.15
  Squid-cache Squid 3.1.16 cpe:2.3:a:squid-cache:squid:3.1.16
  Squid-cache Squid 3.1.17 cpe:2.3:a:squid-cache:squid:3.1.17
  Squid-cache Squid 3.1.18 cpe:2.3:a:squid-cache:squid:3.1.18
  Squid-cache Squid 3.1.19 cpe:2.3:a:squid-cache:squid:3.1.19
  Squid-cache Squid 3.1.20 cpe:2.3:a:squid-cache:squid:3.1.20
  Squid-cache Squid 3.1.21 cpe:2.3:a:squid-cache:squid:3.1.21
  Squid-cache Squid 3.1.22 cpe:2.3:a:squid-cache:squid:3.1.22
  Squid-cache Squid 3.1.23 cpe:2.3:a:squid-cache:squid:3.1.23

Configuration #3

    CPE23 From Up To
  Squid-cache Squid 3.2.0.3 cpe:2.3:a:squid-cache:squid:3.2.0.3
  Squid-cache Squid 3.2.0.4 cpe:2.3:a:squid-cache:squid:3.2.0.4
  Squid-cache Squid 3.2.0.5 cpe:2.3:a:squid-cache:squid:3.2.0.5
  Squid-cache Squid 3.2.0.6 cpe:2.3:a:squid-cache:squid:3.2.0.6
  Squid-cache Squid 3.2.0.7 cpe:2.3:a:squid-cache:squid:3.2.0.7
  Squid-cache Squid 3.2.0.8 cpe:2.3:a:squid-cache:squid:3.2.0.8
  Squid-cache Squid 3.2.0.9 cpe:2.3:a:squid-cache:squid:3.2.0.9
  Squid-cache Squid 3.2.0.10 cpe:2.3:a:squid-cache:squid:3.2.0.10
  Squid-cache Squid 3.2.0.11 cpe:2.3:a:squid-cache:squid:3.2.0.11
  Squid-cache Squid 3.2.0.12 cpe:2.3:a:squid-cache:squid:3.2.0.12
  Squid-cache Squid 3.2.0.13 cpe:2.3:a:squid-cache:squid:3.2.0.13
  Squid-cache Squid 3.2.0.14 cpe:2.3:a:squid-cache:squid:3.2.0.14
  Squid-cache Squid 3.2.0.15 cpe:2.3:a:squid-cache:squid:3.2.0.15
  Squid-cache Squid 3.2.0.16 cpe:2.3:a:squid-cache:squid:3.2.0.16
  Squid-cache Squid 3.2.0.17 cpe:2.3:a:squid-cache:squid:3.2.0.17
  Squid-cache Squid 3.2.0.18 cpe:2.3:a:squid-cache:squid:3.2.0.18
  Squid-cache Squid 3.2.0.19 cpe:2.3:a:squid-cache:squid:3.2.0.19
  Squid-cache Squid 3.2.1 cpe:2.3:a:squid-cache:squid:3.2.1
  Squid-cache Squid 3.2.2 cpe:2.3:a:squid-cache:squid:3.2.2
  Squid-cache Squid 3.2.3 cpe:2.3:a:squid-cache:squid:3.2.3
  Squid-cache Squid 3.2.4 cpe:2.3:a:squid-cache:squid:3.2.4
  Squid-cache Squid 3.2.5 cpe:2.3:a:squid-cache:squid:3.2.5
  Squid-cache Squid 3.2.6 cpe:2.3:a:squid-cache:squid:3.2.6
  Squid-cache Squid 3.2.7 cpe:2.3:a:squid-cache:squid:3.2.7
  Squid-cache Squid 3.2.8 cpe:2.3:a:squid-cache:squid:3.2.8
  Squid-cache Squid 3.2.9 cpe:2.3:a:squid-cache:squid:3.2.9
  Squid-cache Squid 3.2.10 cpe:2.3:a:squid-cache:squid:3.2.10
  Squid-cache Squid 3.2.11 cpe:2.3:a:squid-cache:squid:3.2.11
  Squid-cache Squid 3.2.12 cpe:2.3:a:squid-cache:squid:3.2.12
  Squid-cache Squid 3.2.13 cpe:2.3:a:squid-cache:squid:3.2.13
  Squid-cache Squid 3.2.14 cpe:2.3:a:squid-cache:squid:3.2.14

Configuration #4

    CPE23 From Up To
  Squid-cache Squid 3.3.0.1 cpe:2.3:a:squid-cache:squid:3.3.0.1
  Squid-cache Squid 3.3.0.2 cpe:2.3:a:squid-cache:squid:3.3.0.2
  Squid-cache Squid 3.3.0.3 cpe:2.3:a:squid-cache:squid:3.3.0.3
  Squid-cache Squid 3.3.1 cpe:2.3:a:squid-cache:squid:3.3.1
  Squid-cache Squid 3.3.2 cpe:2.3:a:squid-cache:squid:3.3.2
  Squid-cache Squid 3.3.3 cpe:2.3:a:squid-cache:squid:3.3.3
  Squid-cache Squid 3.3.4 cpe:2.3:a:squid-cache:squid:3.3.4
  Squid-cache Squid 3.3.5 cpe:2.3:a:squid-cache:squid:3.3.5
  Squid-cache Squid 3.3.6 cpe:2.3:a:squid-cache:squid:3.3.6
  Squid-cache Squid 3.3.7 cpe:2.3:a:squid-cache:squid:3.3.7
  Squid-cache Squid 3.3.8 cpe:2.3:a:squid-cache:squid:3.3.8
  Squid-cache Squid 3.3.9 cpe:2.3:a:squid-cache:squid:3.3.9
  Squid-cache Squid 3.3.10 cpe:2.3:a:squid-cache:squid:3.3.10
  Squid-cache Squid 3.3.11 cpe:2.3:a:squid-cache:squid:3.3.11
  Squid-cache Squid 3.3.12 cpe:2.3:a:squid-cache:squid:3.3.12
  Squid-cache Squid 3.3.13 cpe:2.3:a:squid-cache:squid:3.3.13
  Squid-cache Squid 3.3.14 cpe:2.3:a:squid-cache:squid:3.3.14

Configuration #5

    CPE23 From Up To
  Squid-cache Squid 3.4.0.1 cpe:2.3:a:squid-cache:squid:3.4.0.1
  Squid-cache Squid 3.4.0.2 cpe:2.3:a:squid-cache:squid:3.4.0.2
  Squid-cache Squid 3.4.0.3 cpe:2.3:a:squid-cache:squid:3.4.0.3
  Squid-cache Squid 3.4.0.4 cpe:2.3:a:squid-cache:squid:3.4.0.4
  Squid-cache Squid 3.4.1 cpe:2.3:a:squid-cache:squid:3.4.1
  Squid-cache Squid 3.4.2 cpe:2.3:a:squid-cache:squid:3.4.2
  Squid-cache Squid 3.4.3 cpe:2.3:a:squid-cache:squid:3.4.3
  Squid-cache Squid 3.4.4 cpe:2.3:a:squid-cache:squid:3.4.4
  Squid-cache Squid 3.4.5 cpe:2.3:a:squid-cache:squid:3.4.5
  Squid-cache Squid 3.4.6 cpe:2.3:a:squid-cache:squid:3.4.6
  Squid-cache Squid 3.4.7 cpe:2.3:a:squid-cache:squid:3.4.7
  Squid-cache Squid 3.4.8 cpe:2.3:a:squid-cache:squid:3.4.8
  Squid-cache Squid 3.4.9 cpe:2.3:a:squid-cache:squid:3.4.9
  Squid-cache Squid 3.4.10 cpe:2.3:a:squid-cache:squid:3.4.10
  Squid-cache Squid 3.4.11 cpe:2.3:a:squid-cache:squid:3.4.11
  Squid-cache Squid 3.4.12 cpe:2.3:a:squid-cache:squid:3.4.12
  Squid-cache Squid 3.4.13 cpe:2.3:a:squid-cache:squid:3.4.13
  Squid-cache Squid 3.4.14 cpe:2.3:a:squid-cache:squid:3.4.14

Configuration #6

    CPE23 From Up To
  Squid-cache Squid 3.5.0.1 cpe:2.3:a:squid-cache:squid:3.5.0.1
  Squid-cache Squid 3.5.0.2 cpe:2.3:a:squid-cache:squid:3.5.0.2
  Squid-cache Squid 3.5.0.3 cpe:2.3:a:squid-cache:squid:3.5.0.3
  Squid-cache Squid 3.5.0.4 cpe:2.3:a:squid-cache:squid:3.5.0.4
  Squid-cache Squid 3.5.1 cpe:2.3:a:squid-cache:squid:3.5.1
  Squid-cache Squid 3.5.2 cpe:2.3:a:squid-cache:squid:3.5.2
  Squid-cache Squid 3.5.3 cpe:2.3:a:squid-cache:squid:3.5.3
  Squid-cache Squid 3.5.4 cpe:2.3:a:squid-cache:squid:3.5.4
  Squid-cache Squid 3.5.5 cpe:2.3:a:squid-cache:squid:3.5.5
  Squid-cache Squid 3.5.6 cpe:2.3:a:squid-cache:squid:3.5.6
  Squid-cache Squid 3.5.7 cpe:2.3:a:squid-cache:squid:3.5.7
  Squid-cache Squid 3.5.8 cpe:2.3:a:squid-cache:squid:3.5.8
  Squid-cache Squid 3.5.9 cpe:2.3:a:squid-cache:squid:3.5.9
  Squid-cache Squid 3.5.10 cpe:2.3:a:squid-cache:squid:3.5.10
  Squid-cache Squid 3.5.11 cpe:2.3:a:squid-cache:squid:3.5.11
  Squid-cache Squid 3.5.12 cpe:2.3:a:squid-cache:squid:3.5.12
  Squid-cache Squid 3.5.13 cpe:2.3:a:squid-cache:squid:3.5.13
  Squid-cache Squid 3.5.14 cpe:2.3:a:squid-cache:squid:3.5.14
  Squid-cache Squid 3.5.15 cpe:2.3:a:squid-cache:squid:3.5.15
  Squid-cache Squid 3.5.16 cpe:2.3:a:squid-cache:squid:3.5.16
  Squid-cache Squid 3.5.17 cpe:2.3:a:squid-cache:squid:3.5.17
  Squid-cache Squid 3.5.18 cpe:2.3:a:squid-cache:squid:3.5.18
  Squid-cache Squid 3.5.19 cpe:2.3:a:squid-cache:squid:3.5.19
  Squid-cache Squid 3.5.20 cpe:2.3:a:squid-cache:squid:3.5.20
  Squid-cache Squid 3.5.21 cpe:2.3:a:squid-cache:squid:3.5.21
  Squid-cache Squid 3.5.22 cpe:2.3:a:squid-cache:squid:3.5.22

Configuration #7

    CPE23 From Up To
  Squid-cache Squid 4.0.1 cpe:2.3:a:squid-cache:squid:4.0.1
  Squid-cache Squid 4.0.2 cpe:2.3:a:squid-cache:squid:4.0.2
  Squid-cache Squid 4.0.3 cpe:2.3:a:squid-cache:squid:4.0.3
  Squid-cache Squid 4.0.4 cpe:2.3:a:squid-cache:squid:4.0.4
  Squid-cache Squid 4.0.5 cpe:2.3:a:squid-cache:squid:4.0.5
  Squid-cache Squid 4.0.6 cpe:2.3:a:squid-cache:squid:4.0.6
  Squid-cache Squid 4.0.7 cpe:2.3:a:squid-cache:squid:4.0.7
  Squid-cache Squid 4.0.8 cpe:2.3:a:squid-cache:squid:4.0.8
  Squid-cache Squid 4.0.9 cpe:2.3:a:squid-cache:squid:4.0.9
  Squid-cache Squid 4.0.10 cpe:2.3:a:squid-cache:squid:4.0.10
  Squid-cache Squid 4.0.11 cpe:2.3:a:squid-cache:squid:4.0.11
  Squid-cache Squid 4.0.12 cpe:2.3:a:squid-cache:squid:4.0.12
  Squid-cache Squid 4.0.13 cpe:2.3:a:squid-cache:squid:4.0.13
  Squid-cache Squid 4.0.14 cpe:2.3:a:squid-cache:squid:4.0.14
  Squid-cache Squid 4.0.15 cpe:2.3:a:squid-cache:squid:4.0.15
  Squid-cache Squid 4.0.16 cpe:2.3:a:squid-cache:squid:4.0.16