#VU8429 Information disclosure in Squid - CVE-2016-10002
Published: September 14, 2017
Vulnerability identifier: #VU8429
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-10002
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Squid
Squid
Software vendor:
Squid-cache.org
Squid-cache.org
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to incorrect HTTP conditional request handling. A remote attacker can obtain private and sensitive information about another clients browsing session, including user's credentials.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information.
The vulnerability exists due to incorrect HTTP conditional request handling. A remote attacker can obtain private and sensitive information about another clients browsing session, including user's credentials.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information.
Remediation
Update to version 3.5.23 or 4.0.17.