Vulnerabilities > CVE-2016-10002 - Information Exposure vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
debian
squid-cache
CWE-200
nessus

Summary

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Vulnerable Configurations

Part Description Count
OS
Debian
1
Application
Squid-Cache
121

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3192-1.NASL
    descriptionSaulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients
    last seen2020-06-01
    modified2020-06-02
    plugin id97049
    published2017-02-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97049
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : squid3 vulnerabilities (USN-3192-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3192-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97049);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-10002", "CVE-2016-10003");
      script_xref(name:"USN", value:"3192-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : squid3 vulnerabilities (USN-3192-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Saulius Lapinskas discovered that Squid incorrectly handled processing
    HTTP conditional requests. A remote attacker could possibly use this
    issue to obtain sensitive information related to other clients'
    browsing sessions. (CVE-2016-10002)
    
    Felix Hassert discovered that Squid incorrectly handled certain HTTP
    Request headers when using the Collapsed Forwarding feature. A remote
    attacker could possibly use this issue to obtain sensitive information
    related to other clients' browsing sessions. This issue only applied
    to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3192-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squid3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:squid3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"squid3", pkgver:"3.1.19-1ubuntu3.12.04.8")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"squid3", pkgver:"3.3.8-1ubuntu6.9")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"squid3", pkgver:"3.5.12-1ubuntu7.3")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"squid3", pkgver:"3.5.12-1ubuntu8.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid3");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0182.NASL
    descriptionAn update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101413
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101413
    titleVirtuozzo 7 : squid / squid-migration-script / squid-sysvinit (VZLSA-2017-0182)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101413);
      script_version("1.7");
      script_cvs_date("Date: 2018/11/20 11:04:17");
    
      script_cve_id(
        "CVE-2016-10002"
      );
    
      script_name(english:"Virtuozzo 7 : squid / squid-migration-script / squid-sysvinit (VZLSA-2017-0182)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "An update for squid is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Squid is a high-performance proxy caching server for web clients,
    supporting FTP, Gopher, and HTTP data objects.
    
    Security Fix(es) :
    
    * It was found that squid did not properly remove connection specific
    headers when answering conditional requests using a cached request. A
    remote attacker could send a specially crafted request to an HTTP
    server via the squid proxy and steal private data from other
    connections. (CVE-2016-10002)
    
    Note that Tenable Network Security has attempted to extract the
    preceding description block directly from the corresponding Red Hat
    security advisory. Virtuozzo provides no description for VZLSA
    advisories. Tenable has attempted to automatically clean and format
    it as much as possible without introducing additional issues.");
      # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0182.json
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0ed364f");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-0182");
      script_set_attribute(attribute:"solution", value:
    "Update the affected squid / squid-migration-script / squid-sysvinit package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:squid");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:squid-migration-script");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:squid-sysvinit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["squid-3.5.20-2.vl7.2",
            "squid-migration-script-3.5.20-2.vl7.2",
            "squid-sysvinit-3.5.20-2.vl7.2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-7", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid / squid-migration-script / squid-sysvinit");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170124_SQUID34_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-03-18
    modified2017-01-25
    plugin id96759
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96759
    titleScientific Linux Security Update : squid34 on SL6.x i386/x86_64 (20170124)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_41F8AF15C8B911E6AE1B002590263BF5.NASL
    descriptionSquid security advisory 2016:10 reports : Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding. Squid security advisory 2016:11 reports : Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources..
    last seen2020-06-01
    modified2020-06-02
    plugin id96117
    published2016-12-27
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96117
    titleFreeBSD : squid -- multiple vulnerabilities (41f8af15-c8b9-11e6-ae1b-002590263bf5)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0182.NASL
    descriptionAn update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96810
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96810
    titleCentOS 7 : squid (CESA-2017:0182)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-C614315D29.NASL
    descriptionSecurity fix for CVE-2016-10002, CVE-2016-10003 ---- Version update and bugfix of #1392476 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-01-23
    plugin id96670
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96670
    titleFedora 25 : 7:squid (2016-c614315d29)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0183.NASL
    descriptionAn update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96755
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96755
    titleRHEL 6 : squid34 (RHSA-2017:0183)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170124_SQUID_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-03-18
    modified2017-01-25
    plugin id96760
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96760
    titleScientific Linux Security Update : squid on SL7.x x86_64 (20170124)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3745.NASL
    descriptionSaulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another clients browsing session.
    last seen2020-06-01
    modified2020-06-02
    plugin id96102
    published2016-12-27
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96102
    titleDebian DSA-3745-1 : squid3 - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0182.NASL
    descriptionAn update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96754
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96754
    titleRHEL 7 : squid (RHSA-2017:0182)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0183.NASL
    descriptionFrom Red Hat Security Advisory 2017:0183 : An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96752
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96752
    titleOracle Linux 6 : squid34 (ELSA-2017-0183)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0182.NASL
    descriptionFrom Red Hat Security Advisory 2017:0182 : An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96751
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96751
    titleOracle Linux 7 : squid (ELSA-2017-0182)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0110-1.NASL
    descriptionThis update for squid3 fixes the following issues : - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96432
    published2017-01-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96432
    titleSUSE SLES11 Security Update : squid3 (SUSE-SU-2017:0110-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0128-1.NASL
    descriptionThis update for squid fixes the following issues : - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168). - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96530
    published2017-01-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96530
    titleSUSE SLES12 Security Update : squid (SUSE-SU-2017:0128-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1017.NASL
    descriptionAccording to the version of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99863
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99863
    titleEulerOS 2.0 SP1 : squid (EulerOS-SA-2017-1017)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-115.NASL
    descriptionThis update for squid fixes the following issues : - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168). - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-01-19
    plugin id96622
    published2017-01-19
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96622
    titleopenSUSE Security Update : squid (openSUSE-2017-115)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0116-1.NASL
    descriptionThis update for squid fixes the following issues : - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96482
    published2017-01-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96482
    titleSUSE SLES12 Security Update : squid (SUSE-SU-2017:0116-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-127.NASL
    descriptionThis update for squid fixes the following issues : - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-01-20
    plugin id96648
    published2017-01-20
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96648
    titleopenSUSE Security Update : squid (openSUSE-2017-127)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0183.NASL
    descriptionAn update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
    last seen2020-06-01
    modified2020-06-02
    plugin id96811
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96811
    titleCentOS 6 : squid34 (CESA-2017:0183)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-763.NASL
    descriptionSaulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another client
    last seen2020-03-17
    modified2016-12-27
    plugin id96098
    published2016-12-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96098
    titleDebian DLA-763-1 : squid3 security update
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0183.NASL
    descriptionAn update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es) : * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101414
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101414
    titleVirtuozzo 6 : squid34 (VZLSA-2017-0183)
  • NASL familyFirewalls
    NASL idSQUID_2016_11.NASL
    descriptionAccording to its banner, the version of Squid running on the remote host is 3.x after 3.1 and prior to 3.5.23, or 4.x prior to 4.0.17. It is, therefore, affected by an information disclosure vulnerability in the HTTP request processing component due to the incorrect HTTP conditional request handling. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id119721
    published2018-12-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119721
    titleSquid 3.1 < 3.x < 3.5.23 / 4.x < 4.0.17 Information Disclosure Vulnerability (SQUID-2016:11)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1018.NASL
    descriptionAccording to the version of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99864
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99864
    titleEulerOS 2.0 SP2 : squid (EulerOS-SA-2017-1018)

Redhat

advisories
  • bugzilla
    id1405941
    titleCVE-2016-10002 squid: Information disclosure in HTTP request processing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentsquid-sysvinit is earlier than 7:3.5.20-2.el7_3.2
            ovaloval:com.redhat.rhsa:tst:20170182001
          • commentsquid-sysvinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141147002
        • AND
          • commentsquid-migration-script is earlier than 7:3.5.20-2.el7_3.2
            ovaloval:com.redhat.rhsa:tst:20170182003
          • commentsquid-migration-script is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20162600004
        • AND
          • commentsquid is earlier than 7:3.5.20-2.el7_3.2
            ovaloval:com.redhat.rhsa:tst:20170182005
          • commentsquid is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110545002
    rhsa
    idRHSA-2017:0182
    released2017-01-24
    severityModerate
    titleRHSA-2017:0182: squid security update (Moderate)
  • bugzilla
    id1405941
    titleCVE-2016-10002 squid: Information disclosure in HTTP request processing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentsquid34 is earlier than 7:3.4.14-9.el6_8.4
        ovaloval:com.redhat.rhsa:tst:20170183001
      • commentsquid34 is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20161140002
    rhsa
    idRHSA-2017:0183
    released2017-01-24
    severityModerate
    titleRHSA-2017:0183: squid34 security update (Moderate)
rpms
  • squid-7:3.5.20-2.el7_3.2
  • squid-debuginfo-7:3.5.20-2.el7_3.2
  • squid-migration-script-7:3.5.20-2.el7_3.2
  • squid-sysvinit-7:3.5.20-2.el7_3.2
  • squid34-7:3.4.14-9.el6_8.4
  • squid34-debuginfo-7:3.4.14-9.el6_8.4