Description

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

Remediation

References

CVE-2016-10003

Related Vulnerabilities

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-0244)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)

WordPress Plugin Form Store to DB includes Backdoor [Only if downloaded via the vendor website] (1.0.9)

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

Apache HTTP Server Other Vulnerability (CVE-2002-0661)

Severity

High

Classification

CVE-2016-10003 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities