CVE-2016-10003

{"id": "CVE-2016-10003", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-01-27T17:59:00.180", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/94953", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1037512", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94953", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037512", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients."}, {"lang": "es", "value": "Comparaci\u00f3n incorrecta del encabezado de HTTP Request en Squid HTTP Proxy 3.5.0.1 hasta la versi\u00f3n 3.5.22 y 4.0.1 hasta la versi\u00f3n 4.0.16 resulta en que la funcionalidad Collapsed Forwarding identifica de forma equivocada algunas respuestas privadas como adecuadas para la entrega a m\u00faltiples clientes."}], "lastModified": "2024-11-21T02:43:04.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE6398D-3000-4C1B-8BB3-37AE280BEDD2", "versionEndExcluding": "3.5.23", "versionStartIncluding": "3.5.0.1"}, {"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C73B3C-ECDF-450E-A039-9F09A18570E4", "versionEndExcluding": "4.0.17", "versionStartIncluding": "4.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}