Squid: request/response smuggling in http/1.1 and icap
CVE-2023-46846

9.3CRITICAL

Key Information:

Status
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions
Vendor
CVE Published:
3 November 2023

What is CVE-2023-46846?

The SQUID web proxy server has been identified with a vulnerability that allows remote attackers to exploit lenient decoding of chunked HTTP requests. This flaw can facilitate HTTP request smuggling, enabling attackers to bypass frontend security measures and firewalls, potentially leading to unauthorized data access or system manipulation. Organizations using SQUID are advised to apply the latest patches promptly to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2023:6266
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6267
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6268
vendor-advisoryx_refsource_REDHAT

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.