CVE-2016-10002
Description
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
11.386
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web proxy cache server (USN-2995-1) squid3_3.5.12-1ubuntu7.3_all.deb | Linux |
| Web proxy cache server (USN-2995-1) squid3_3.1.19-1ubuntu3.12.04.8_i386.deb | Linux |
| Web proxy cache server (USN-2995-1) squid3_3.1.19-1ubuntu3.12.04.8_amd64.deb | Linux |
| Web proxy cache server (USN-2995-1) squid-cgi_3.1.19-1ubuntu3.12.04.8_i386.deb | Linux |
| Web proxy cache server (USN-2995-1) squid-cgi_3.1.19-1ubuntu3.12.04.8_amd64.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.3.8-1ubuntu6.9_i386.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.3.8-1ubuntu6.9_amd64.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.5.12-1ubuntu7.3_all.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.5.12-1ubuntu8.1_all.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.1.19-1ubuntu3.12.04.8_i386.deb | Linux |
| Web proxy cache server (USN-3192-1) squid3_3.1.19-1ubuntu3.12.04.8_amd64.deb | Linux |
| squid3 security update (DSA-3745-1) squid3_3.4.8-6+deb8u4_i386.deb | Linux |
| squid3 security update (DSA-3745-1) squid3_3.4.8-6+deb8u4_amd64.deb | Linux |
| squid3 security update (DSA-3745-1) squid3_3.4.8-6+deb8u4_kfreebsd-i386.deb | Linux |
| squid3 security update (DSA-3745-1) squid3_3.4.8-6+deb8u4_kfreebsd-amd64.deb | Linux |
| (RHSA-2017:0182) Moderate: squid security update squid-3.5.20-2.el7_3.2.x86_64.rpm | Linux |
| (RHSA-2017:0182) Moderate: squid security update squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm | Linux |
| (RHSA-2017:0182) Moderate: squid security update squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm | Linux |
| (RHSA-2017:0183) Moderate: squid34 security update squid34-3.4.14-9.el6_8.4.i686.rpm | Linux |
| (RHSA-2017:0183) Moderate: squid34 security update squid34-3.4.14-9.el6_8.4.x86_64.rpm | Linux |
| SUSE-SU-2017:0116-1 (SUSE Linux Enterprise Server 12-SP1) squid-3.3.14-22.6.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0116-1 (SUSE Linux Enterprise Server 12-SP1) squid-debuginfo-3.3.14-22.6.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0116-1 (SUSE Linux Enterprise Server 12-SP1) squid-debugsource-3.3.14-22.6.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234