Squid: request/response smuggling in http/1.1 and icap
CVE-2023-46846

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor: CVE Published:; 3 November 2023

Summary

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Affected Version(s)

Red Hat Enterprise Linux 8 8080020231030214932.63b34585

Red Hat Enterprise Linux 8 8090020231030224841.a75119d5

Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions 8010020231101141358.c27ad7f8

References

https://access.redhat.com/errata/RHSA-2023:6266

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:6267

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:6268

vendor-advisoryx_refsource_REDHAT

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Oct 27, 2023

Collectors

NVD DatabaseMitre Database