Strix
26.1K

CVE-2016-10002

UnknownEPSS 6.77%

Last modified

CVE-2016-10002 is a vulnerability of currently unknown severity. Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.. EPSS estimates a 6.77% chance of exploitation in the next 30 days.

Description

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Metrics

EPSS Probability
6.77%

93.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DebianDebian Linux8.0
Squid-CacheSquid3.1.10
Squid-CacheSquid3.1.11
Squid-CacheSquid3.1.12
Squid-CacheSquid3.1.14
Squid-CacheSquid3.1.15
Squid-CacheSquid3.1.16
Squid-CacheSquid3.1.17
Squid-CacheSquid3.1.18
Squid-CacheSquid3.1.19
Squid-CacheSquid3.1.20
Squid-CacheSquid3.1.21
Squid-CacheSquid3.1.22
Squid-CacheSquid3.1.23
Squid-CacheSquid3.2.0.3
Squid-CacheSquid3.2.0.4
Squid-CacheSquid3.2.0.5
Squid-CacheSquid3.2.0.6
Squid-CacheSquid3.2.0.7
Squid-CacheSquid3.2.0.8
Squid-CacheSquid3.2.0.9
Squid-CacheSquid3.2.0.10
Squid-CacheSquid3.2.0.11
Squid-CacheSquid3.2.0.12
Squid-CacheSquid3.2.0.13
Squid-CacheSquid3.2.0.14
Squid-CacheSquid3.2.0.15
Squid-CacheSquid3.2.0.16
Squid-CacheSquid3.2.0.17
Squid-CacheSquid3.2.0.18
Squid-CacheSquid3.2.0.19
Squid-CacheSquid3.2.1
Squid-CacheSquid3.2.2
Squid-CacheSquid3.2.3
Squid-CacheSquid3.2.4
Squid-CacheSquid3.2.5
Squid-CacheSquid3.2.6
Squid-CacheSquid3.2.7
Squid-CacheSquid3.2.8
Squid-CacheSquid3.2.9
Squid-CacheSquid3.2.10
Squid-CacheSquid3.2.11
Squid-CacheSquid3.2.12
Squid-CacheSquid3.2.13
Squid-CacheSquid3.2.14
Squid-CacheSquid3.3.0.1
Squid-CacheSquid3.3.0.2
Squid-CacheSquid3.3.0.3
Squid-CacheSquid3.3.1
Squid-CacheSquid3.3.2

Showing 50 of 122 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-10002?
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
How severe is CVE-2016-10002?
Severity scoring for CVE-2016-10002 is pending analysis. The EPSS model estimates a 6.77% probability of exploitation in the next 30 days.
How do I fix CVE-2016-10002?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-10002?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST