Test ID:	1.3.6.1.4.1.25623.1.0.703745
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3745-1)
Summary:	The remote host is missing an update for the Debian 'squid3' package(s) announced via the DSA-3745-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'squid3' package(s) announced via the DSA-3745-1 advisory. Vulnerability Insight: Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another clients browsing session. For the stable distribution (jessie), this problem has been fixed in version 3.4.8-6+deb8u4. In addition, this update includes a fix for #819563. For the unstable distribution (sid), this problem has been fixed in version 3.5.23-1. We recommend that you upgrade your squid3 packages. Affected Software/OS: 'squid3' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10002 BugTraq ID: 94953 http://www.securityfocus.com/bid/94953 Debian Security Information: DSA-3745 (Google Search) http://www.debian.org/security/2016/dsa-3745 http://www.openwall.com/lists/oss-security/2016/12/18/1 RedHat Security Advisories: RHSA-2017:0182 http://rhn.redhat.com/errata/RHSA-2017-0182.html RedHat Security Advisories: RHSA-2017:0183 http://rhn.redhat.com/errata/RHSA-2017-0183.html http://www.securitytracker.com/id/1037513
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.