CVE-2016-10002

2017-01-2700:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

Incorrect processing of responses to If-None-Modified HTTP conditional
requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22,
and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked
to other clients. Attack requests can easily be crafted by a client to
probe a cache for this information.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchsquid3< 3.1.19-1ubuntu3.12.04.8UNKNOWN
ubuntu14.04noarchsquid3< 3.3.8-1ubuntu6.9UNKNOWN
ubuntu16.04noarchsquid3< 3.5.12-1ubuntu7.3UNKNOWN
ubuntu16.10noarchsquid3< 3.5.12-1ubuntu8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	squid3	< 3.1.19-1ubuntu3.12.04.8	UNKNOWN
ubuntu	14.04	noarch	squid3	< 3.3.8-1ubuntu6.9	UNKNOWN
ubuntu	16.04	noarch	squid3	< 3.5.12-1ubuntu7.3	UNKNOWN
ubuntu	16.10	noarch	squid3	< 3.5.12-1ubuntu8.1	UNKNOWN