Описание
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Отчет
This attack is limited to the HTTP/1.1 and ICAP protocols which support receiving Transfer-Encoding:chunked.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | squid | Will not fix | ||
| Red Hat Enterprise Linux 6 | squid34 | Will not fix | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | squid | Fixed | RHSA-2024:11049 | 16.12.2024 |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2023:6267 | 02.11.2023 |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2023:7213 | 14.11.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | squid | Fixed | RHSA-2023:6810 | 08.11.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | squid | Fixed | RHSA-2023:6803 | 08.11.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | squid | Fixed | RHSA-2023:6803 | 08.11.2023 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | squid | Fixed | RHSA-2023:6803 | 08.11.2023 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | squid | Fixed | RHSA-2023:6804 | 08.11.2023 |
Показывать по
Дополнительная информация
Статус:
9.3 Critical
CVSS3
Связанные уязвимости
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...
Уязвимость декодера chunked прокси-сервера Squid, позволяющая нарушителю взаимодействовать с сервером напрямую
9.3 Critical
CVSS3