Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-27T17:00:00

Updated: 2024-08-06T03:07:31.821Z

Reserved: 2016-12-17T00:00:00

Link: CVE-2016-10002

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-01-27T17:59:00.133

Modified: 2024-11-21T02:43:04.293

Link: CVE-2016-10002

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-12-16T00:00:00Z

Links: CVE-2016-10002 - Bugzilla