VDB
CISA-2023-46846
CISA-2023-46846
PUBLISHED
CVSS 9.3 CRITICAL
Reported by redhat · Published November 3, 2023
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Risk Scores
CVSS 3.1
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 2.6 | ||
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 7:3.5.20-17.el7_9.13 |
| Red Hat | Red Hat Enterprise Linux 8 | 8080020231030214932.63b34585 |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231030224841.a75119d5 |
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | 8010020231101141358.c27ad7f8 |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 8020020231101135052.4cda2c84 |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 8020020231101135052.4cda2c84 |
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | 8020020231101135052.4cda2c84 |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020231101101624.522a0ee4 |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020231101101624.522a0ee4 |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020231101101624.522a0ee4 |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 8060020231031165747.ad008a3a |
| Red Hat | Red Hat Enterprise Linux 9 | 7:5.5-5.el9_2.1 |
| Red Hat | Red Hat Enterprise Linux 9 | 7:5.5-6.el9_3.1 |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 7:5.2-1.el9_0.3 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 7:5.2-1.el9_0.3, 7:5.2-1.el9_0.3 |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 7:3.5.20-17.el7_9.13, 7:3.5.20-17.el7_9.13 |
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | 8010020231101141358.c27ad7f8, 8010020231101141358.c27ad7f8 |
…and 12 more
Timeline
- Nov 3, 2023 CVE Published
- Feb 25, 2026 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
References
- RHSA-2023:6266 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6267 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6268 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6748 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6801 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6803 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6804 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:6810 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:7213 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:11049 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2245910 issue-trackingx_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html url
- https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html url
- https://security.netapp.com/advisory/ntap-20231130-0002/ url