Lucene search
Tenable9858.PRMHistoryJan 09, 2017 - 12:00 a.m.
Squid 3.5.x < 3.5.23 / 4.0.x < 4.0.17 Multiple Information Disclosure
2017-01-0900:00:00
Tenable
www.tenable.com
4
Versions of Squid 4.0.x prior to 4.0.17, and 3.5.x prior to 3.5.18 are affected by multiple vulnerabilities :
- A flaw exists in the collapsed forwarding functionality in ‘client_side_reply.cc’ that is triggered as request headers are not properly compared, which can cause the program to deliver responses containing private data to clients it should not have reached. This may allow a remote attacker to gain access to potentially sensitive information from other sessions.
- A flaw exists in ‘client_side_reply.cc’ that is triggered during the handling of HTTP conditional requests. This may allow a remote attacker to gain access to potentially sensitive information from other sessions.
Binary data 9858.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| squid-cache | squid | cpe:/a:squid-cache:squid |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10003
www.squid-cache.org/Advisories/SQUID-2016_11.txt
www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch
www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch