
CVE-2016-10002

Date: (C)2017-01-31   (M)2017-11-18 


Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE





Reference:
SECTRACK-1037513
BID-94953
DSA-3745
http://www.openwall.com/lists/oss-security/2016/12/18/1
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt

CPE    76
cpe:/a:squid-cache:squid:3.5.2
cpe:/a:squid-cache:squid:3.4.1
cpe:/a:squid-cache:squid:3.5.0.2
cpe:/a:squid-cache:squid:3.5.0.1
...
CWE    1
CWE-200
OVAL    10
oval:org.secpod.oval:def:111919
oval:org.secpod.oval:def:501969
oval:org.secpod.oval:def:204087
oval:org.secpod.oval:def:204085
...

© 2013 SecPod Technologies