CVE-2023-46846

EPSS 9.62%
Published 03.11.2023 08:15:07
Last modified 18.12.2024 01:15:06
Source secalert@redhat.com
Teams watchlist Login
Open Login

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Affected products Warnungen 0 Metrics 3 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version >= 2.6 < 6.4

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.8

Redhat ≫ Enterprise Linux Server Tus Version9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.62%	0.926

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
secalert@redhat.com	9.3	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://access.redhat.com/errata/RHSA-2023:6266

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6267

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6268

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6748

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6801

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6803

Third Party Advisory