High severity7.5NVD Advisory· Published Jan 27, 2017· Updated May 13, 2026

CVE-2016-10002

Description

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/12/18/1nvdMailing ListPatchThird Party Advisory
www.squid-cache.org/Advisories/SQUID-2016_11.txtnvdMitigationPatchVendor Advisory
www.debian.org/security/2016/dsa-3745nvdThird Party Advisory
www.securityfocus.com/bid/94953nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037513nvdThird Party AdvisoryVDB Entry
rhn.redhat.com/errata/RHSA-2017-0182.htmlnvd
rhn.redhat.com/errata/RHSA-2017-0183.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000