
Saulius Lapinskas

Researcher at Lithuanian State Social Insurance Fund Board
#34673 of 53,635
7.5 total CVSS
Vulnerabilities · 1
PT-2017-7668
7.5
2014-04-24
Squid · Squid Http Proxy · CVE-2016-10002
**Name of the Vulnerable Software and Affected Versions**

- Squid HTTP Proxy versions 3.1.10 through 3.1.23
- Squid HTTP Proxy versions 3.2.0.3 through 3.5.22
- Squid HTTP Proxy versions 4.0.1 through 4.0.16

**Description**

The issue arises from the incorrect processing of responses to If-None-Modified HTTP conditional requests, leading to the leakage of client-specific Cookie data to other clients. An attacker can craft requests to probe a cache for this sensitive information.

**Recommendations**

- For Squid HTTP Proxy versions 3.1.10 through 3.1.23, update to a version outside of this range to mitigate the issue.
- For Squid HTTP Proxy versions 3.2.0.3 through 3.5.22, update to a version outside of this range to mitigate the issue.
- For Squid HTTP Proxy versions 4.0.1 through 4.0.16, update to a version outside of this range to mitigate the issue.

As a temporary workaround, consider restricting access to the cache to minimize the risk of exploitation.