Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List Patch Third Party Advisory | 
| http://www.securityfocus.com/bid/94953 | Broken Link Third Party Advisory VDB Entry | 
| http://www.securitytracker.com/id/1037512 | Broken Link Third Party Advisory VDB Entry | 
| http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch Vendor Advisory | 
| http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List Patch Third Party Advisory | 
| http://www.securityfocus.com/bid/94953 | Broken Link Third Party Advisory VDB Entry | 
| http://www.securitytracker.com/id/1037512 | Broken Link Third Party Advisory VDB Entry | 
| http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2017-01-27 17:59
Updated : 2025-04-20 01:37
NVD link : CVE-2016-10003
Mitre link : CVE-2016-10003
CVE.ORG link : CVE-2016-10003
JSON object : View
Products Affected
                squid-cache
- squid
CWE
                
                    
                        
                        CWE-697
                        
            Incorrect Comparison
