7.5

CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version >= 3.5.0.1 < 3.5.23
Squid-cacheSquid Version >= 4.0.1 < 4.0.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.77% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

http://www.openwall.com/lists/oss-security/2016/12/18/1
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/94953
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1037512
Third Party Advisory
Broken Link
VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
Patch
Vendor Advisory