PT-2017-7668 · Squid+5 · Squid Http Proxy+6
Saulius Lapinskas
·
Publicado
2014-04-24
·
Atualizado
2024-06-15
·
CVE-2016-10002
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Squid HTTP Proxy versions 3.1.10 through 3.1.23
Squid HTTP Proxy versions 3.2.0.3 through 3.5.22
Squid HTTP Proxy versions 4.0.1 through 4.0.16
Description
The issue arises from the incorrect processing of responses to If-None-Modified HTTP conditional requests, leading to the leakage of client-specific Cookie data to other clients. An attacker can craft requests to probe a cache for this sensitive information.
Recommendations
For Squid HTTP Proxy versions 3.1.10 through 3.1.23, update to a version outside of this range to mitigate the issue.
For Squid HTTP Proxy versions 3.2.0.3 through 3.5.22, update to a version outside of this range to mitigate the issue.
For Squid HTTP Proxy versions 4.0.1 through 4.0.16, update to a version outside of this range to mitigate the issue.
As a temporary workaround, consider restricting access to the cache to minimize the risk of exploitation.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Red Hat
Squid Cache
Squid Http Proxy
Suse
Ubuntu