Main Vulnerability Database Vulnerabilities #VU8429

Information disclosure in Squid - CVE-2016-10002

Published: September 14, 2017

Vulnerability identifier: #VU8429

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-10002

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Squid-cache.org

Affected software:
Squid

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to incorrect HTTP conditional request handling. A remote attacker can obtain private and sensitive information about another clients browsing session, including user's credentials.

Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information.

How to mitigate CVE-2016-10002

Update to version 3.5.23 or 4.0.17.

Sources

http://www.squid-cache.org/Advisories/SQUID-2016_11.txt

Information disclosure in Squid - CVE-2016-10002

Detailed vulnerability description

How to mitigate CVE-2016-10002

Sources

Please verify you're human