Vulnerability in Squid-cache Squid

CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple…

EPSS: 0.010 (76.9th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)


Frequently asked questions

What is CVE-2016-10003?
CVE-2016-10003 is a high-severity vulnerability in Squid-cache Squid, classified under Incorrect Comparison. CVSS score: 7.5/10. Published 2017-01-27.

How severe is CVE-2016-10003?
High severity. CVSS v3 base score is 7.5 out of 10.