CVE-2016-10003
CVSS 7.5 · HIGH
Summary
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16, results in the Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Squid-cache squid
References
- http://www.openwall.com/lists/oss-security/2016/12/18/1
- http://www.securityfocus.com/bid/94953
- http://www.securitytracker.com/id/1037512
- http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
Data: NIST NVD. NVD last modified 2026-05-13. Always verify against the vendor advisory before acting.