CVE-2023-46846

Опубликовано: 03 нояб. 2023

Источник: debian

EPSS Низкий

Описание

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
squid	fixed	6.5-1		package
squid3	removed			package

Примечания

https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh

EPSS

Процентиль: 92%

0.08411

Низкий

Связанные уязвимости

CVE-2023-46846

CVSS3: 9.3

ubuntu

больше 1 года назад

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVE-2023-46846

CVSS3: 9.3

redhat

больше 1 года назад

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

CVE-2023-46846

CVSS3: 9.3

nvd

больше 1 года назад

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

ELSA-2024-11049

oracle-oval

4 месяца назад

ELSA-2024-11049: squid security update (IMPORTANT)

BDU:2023-08063

CVSS3: 5.3

fstec

больше 1 года назад

Уязвимость декодера chunked прокси-сервера Squid, позволяющая нарушителю взаимодействовать с сервером напрямую

EPSS

Процентиль: 92%

0.08411

Низкий