{"id":"CVE-2016-10003","details":"Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.","modified":"2026-03-20T11:00:09.947336Z","published":"2017-01-27T17:59:00.180Z","related":["MGASA-2016-0423","SUSE-SU-2017:0128-1","openSUSE-SU-2024:11403-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037512"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94953"},{"type":"FIX","url":"http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/18/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/squid-cache/squid","events":[{"introduced":"76249d3f79580a0fb63d3e91cf6826e297b87d6e"},{"fixed":"4fef4b02fa0fb9892b6add644d30e326ef11a918"},{"introduced":"1243ec712bf76c549ba7f48fcdc30d98ce550449"},{"fixed":"3f422b10d779df353482d0b2b2b8f7f9d03cf593"}],"database_specific":{"versions":[{"introduced":"3.5.0.1"},{"fixed":"3.5.23"},{"introduced":"4.0.1"},{"fixed":"4.0.17"}]}}],"versions":["SQUID_3_5_0_1","SQUID_3_5_0_2","SQUID_3_5_0_3","SQUID_3_5_0_4","SQUID_3_5_1","SQUID_3_5_10","SQUID_3_5_11","SQUID_3_5_12","SQUID_3_5_13","SQUID_3_5_14","SQUID_3_5_15","SQUID_3_5_16","SQUID_3_5_17","SQUID_3_5_18","SQUID_3_5_19","SQUID_3_5_2","SQUID_3_5_20","SQUID_3_5_21","SQUID_3_5_22","SQUID_3_5_3","SQUID_3_5_4","SQUID_3_5_5","SQUID_3_5_6","SQUID_3_5_7","SQUID_3_5_8","SQUID_3_5_9","SQUID_4_0_1","SQUID_4_0_10","SQUID_4_0_11","SQUID_4_0_12","SQUID_4_0_13","SQUID_4_0_14","SQUID_4_0_15","SQUID_4_0_16","SQUID_4_0_2","SQUID_4_0_3","SQUID_4_0_4","SQUID_4_0_5","SQUID_4_0_6","SQUID_4_0_7","SQUID_4_0_8","SQUID_4_0_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10003.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}