Main Vulnerability Database Vulnerabilities #VU8428

Information disclosure in Squid - CVE-2016-10003

Published: September 14, 2017

Vulnerability identifier: #VU8428

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-10003

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Squid-cache.org

Affected software:
Squid

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to incorrect comparison of request headers when Collapsed Forwarding feature is configured. A remote attacker can obtain private and sensitive information about another clients browsing session, including user's credentials.

Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information.

How to mitigate CVE-2016-10003

Update to version 3.5.23 or 4.0.17.

Sources

http://www.squid-cache.org/Advisories/SQUID-2016_10.txt

Information disclosure in Squid - CVE-2016-10003

Detailed vulnerability description

How to mitigate CVE-2016-10003

Sources

Please verify you're human