CVE-2016-10003
HIGH
Squid 3.5.0.1-3.5.22 and 4.0.1-4.0.16 - Incorrect HTTP Request Header Comparison in Collapsed Forwarding
Title source: llm
Description
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References (4)
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/12/18/1
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037512
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94953
Patch, Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
Scores
CVSS v3: 7.5
EPSS: 0.0477
EPSS Percentile: 90.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-697
Status: published
Products (1)
squid-cache/squid: 3.5.0.1 - 3.5.23
Published: Jan 27, 2017
Tracked Since: Feb 18, 2026