CVE-2023-46846

CVSS v3.1 5.3 (Medium)
EPSS 0.40 % (74th)
Affected Products 8
Advisories 21

Squid is vulnerable to HTTP request smuggling caused by lenience in its chunked decoder, which allows a remote attacker to perform request/response smuggling past firewalls and front-end security systems.

Weaknesses
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2023-11-03 08:15:07
(10 months ago)
Updated Date
2024-01-22 20:15:46
(7 months ago)

Affected Products


Configuration #1

    Product | CPE23 | From | Up To
  Squid-cache Squid (from version 2.6, prior to version 6.4) | cpe:2.3:a:squid-cache:squid | >= 2.6 | < 6.4

Configuration #2

    Product | CPE23 | From | Up To
  Redhat Enterprise Linux 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0 | - | -
  Redhat Enterprise Linux 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0 | - | -
  Redhat Enterprise Linux Eus 8.6 | cpe:2.3:o:redhat:enterprise_linux_eus:8.6 | - | -
  Redhat Enterprise Linux Eus 8.8 | cpe:2.3:o:redhat:enterprise_linux_eus:8.8 | - | -
  Redhat Enterprise Linux Eus 9.0 | cpe:2.3:o:redhat:enterprise_linux_eus:9.0 | - | -
  Redhat Enterprise Linux Eus 9.2 | cpe:2.3:o:redhat:enterprise_linux_eus:9.2 | - | -
  Redhat Enterprise Linux for Arm 64 8.0 Aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64 | - | -
  Redhat Enterprise Linux for Ibm Z Systems 8.0 S390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x | - | -
  Redhat Enterprise Linux for Power Little Endian 8.0 Ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le | - | -
  Redhat Enterprise Linux Server Aus 8.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2 | - | -
  Redhat Enterprise Linux Server Aus 8.4 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4 | - | -
  Redhat Enterprise Linux Server Aus 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6 | - | -
  Redhat Enterprise Linux Server Aus 9.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2 | - | -
  Redhat Enterprise Linux Server Tus 8.2 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2 | - | -
  Redhat Enterprise Linux Server Tus 8.4 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4 | - | -
  Redhat Enterprise Linux Server Tus 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6 | - | -
  Redhat Enterprise Linux Server Tus 8.8 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8 | - | -
  Redhat Enterprise Linux Server Tus 9.2 | cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2 | - | -