Squid HTTP Proxy versions 3.5.0.1-3.5.22 and 4.0.1-4.0.16 can mishandle HTTP request header comparison in the Collapsed Forwarding feature, causing some private responses to be treated as suitable for delivery to multiple clients. Because the issue is network-reachable, requires no privileges or user interaction, and can expose confidential content, affected proxy deployments should be prioritized for up [truncated]
CVE-2016-10002 describes a Squid HTTP Proxy flaw in which responses to conditional requests can be processed incorrectly, allowing client-specific Cookie data to be exposed to other clients. The issue affects multiple Squid release lines and is rated HIGH by NVD with a CVSS 3.0 score of 7.5. Because the attack can be crafted by a client to probe a shared cache, this is a confidentiality issue that matters mo [truncated]