vulnerability

Red Hat: CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	2023-11-02	2023-11-03	2025-01-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

2023-11-02

Added

2023-11-03

Modified

2025-01-28

Description

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Solution(s)

redhat-upgrade-libecapredhat-upgrade-libecap-debuginforedhat-upgrade-libecap-debugsourceredhat-upgrade-libecap-develredhat-upgrade-squidredhat-upgrade-squid-debuginforedhat-upgrade-squid-debugsource

References

NVD-CVE-2023-46846
REDHAT-RHSA-2023:6266
REDHAT-RHSA-2023:6267
REDHAT-RHSA-2023:6268
REDHAT-RHSA-2023:6748
REDHAT-RHSA-2023:6801
REDHAT-RHSA-2023:7213

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today