← voltar
CVE-2016-10002

CVE-2016-10002

EPSS 6.8%
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://rhn.redhat.com/errata/RHSA-2017-0182.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0183.htmlhttp://www.debian.org/security/2016/dsa-3745http://www.openwall.com/lists/oss-security/2016/12/18/1http://www.securityfocus.com/bid/94953http://www.securitytracker.com/id/1037513http://www.squid-cache.org/Advisories/SQUID-2016_11.txt