Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2016-10002

Disclosure Date: January 27, 2017
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • debian,
  • squid-cache

Products

  • debian linux 8.0,
  • squid 3.1.10,
  • squid 3.1.11,
  • squid 3.1.12,
  • squid 3.1.14,
  • squid 3.1.15,
  • squid 3.1.16,
  • squid 3.1.17,
  • squid 3.1.18,
  • squid 3.1.19,
  • squid 3.1.20,
  • squid 3.1.21,
  • squid 3.1.22,
  • squid 3.1.23,
  • squid 3.2.0.10,
  • squid 3.2.0.11,
  • squid 3.2.0.12,
  • squid 3.2.0.13,
  • squid 3.2.0.14,
  • squid 3.2.0.15,
  • squid 3.2.0.16,
  • squid 3.2.0.17,
  • squid 3.2.0.18,
  • squid 3.2.0.19,
  • squid 3.2.0.3,
  • squid 3.2.0.4,
  • squid 3.2.0.5,
  • squid 3.2.0.6,
  • squid 3.2.0.7,
  • squid 3.2.0.8,
  • squid 3.2.0.9,
  • squid 3.2.1,
  • squid 3.2.10,
  • squid 3.2.11,
  • squid 3.2.12,
  • squid 3.2.13,
  • squid 3.2.14,
  • squid 3.2.2,
  • squid 3.2.3,
  • squid 3.2.4,
  • squid 3.2.5,
  • squid 3.2.6,
  • squid 3.2.7,
  • squid 3.2.8,
  • squid 3.2.9,
  • squid 3.3.0.1,
  • squid 3.3.0.2,
  • squid 3.3.0.3,
  • squid 3.3.1,
  • squid 3.3.10,
  • squid 3.3.11,
  • squid 3.3.12,
  • squid 3.3.13,
  • squid 3.3.14,
  • squid 3.3.2,
  • squid 3.3.3,
  • squid 3.3.4,
  • squid 3.3.5,
  • squid 3.3.6,
  • squid 3.3.7,
  • squid 3.3.8,
  • squid 3.3.9,
  • squid 3.4.0.1,
  • squid 3.4.0.2,
  • squid 3.4.0.3,
  • squid 3.4.0.4,
  • squid 3.4.1,
  • squid 3.4.10,
  • squid 3.4.11,
  • squid 3.4.12,
  • squid 3.4.13,
  • squid 3.4.14,
  • squid 3.4.2,
  • squid 3.4.3,
  • squid 3.4.4,
  • squid 3.4.5,
  • squid 3.4.6,
  • squid 3.4.7,
  • squid 3.4.8,
  • squid 3.4.9,
  • squid 3.5.0.1,
  • squid 3.5.0.2,
  • squid 3.5.0.3,
  • squid 3.5.0.4,
  • squid 3.5.1,
  • squid 3.5.10,
  • squid 3.5.11,
  • squid 3.5.12,
  • squid 3.5.13,
  • squid 3.5.14,
  • squid 3.5.15,
  • squid 3.5.16,
  • squid 3.5.17,
  • squid 3.5.18,
  • squid 3.5.19,
  • squid 3.5.2,
  • squid 3.5.20,
  • squid 3.5.21,
  • squid 3.5.22,
  • squid 3.5.3,
  • squid 3.5.4,
  • squid 3.5.5,
  • squid 3.5.6,
  • squid 3.5.7,
  • squid 3.5.8,
  • squid 3.5.9,
  • squid 4.0.1,
  • squid 4.0.10,
  • squid 4.0.11,
  • squid 4.0.12,
  • squid 4.0.13,
  • squid 4.0.14,
  • squid 4.0.15,
  • squid 4.0.16,
  • squid 4.0.2,
  • squid 4.0.3,
  • squid 4.0.4,
  • squid 4.0.5,
  • squid 4.0.6,
  • squid 4.0.7,
  • squid 4.0.8,
  • squid 4.0.9
Technical Analysis