CVE-2016-10003

HIGH

Squid <4.0.16 - Info Disclosure

Title source: llm

Description

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

References (4)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/12/18/1

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037512

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94953

[Patch, Vendor Advisory] http://www.squid-cache.org/Advisories/SQUID-2016_10.txt

Scores

CVSS v3 7.5

EPSS 0.0177

EPSS Percentile 82.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-697

Status published

Products (1)

squid-cache/squid 3.5.0.1 - 3.5.23

Published Jan 27, 2017

Tracked Since Feb 18, 2026