CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-46846

CVSS 9.3v3.1pub. 2023-11-03upd. 2024-12-18

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.09.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.68.89.09.2
  • Red Hat Enterprise Linux For Arm 64

    OS
    Redhat
    8.0_aarch64
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    8.0_s390x
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    8.0_ppc64le
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    8.28.48.69.2
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    8.28.48.68.89.2
  • Squid Cache Squid

    APP
    Squid-Cache
    2.6 – 6.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...