CVE-2023-46846
Squid: request/response smuggling in http/1.1 and icap
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Productos afectados
squidRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Extended Update Support¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2023:6266https://access.redhat.com/errata/RHSA-2023:6267https://access.redhat.com/errata/RHSA-2023:6268https://access.redhat.com/errata/RHSA-2023:6748https://access.redhat.com/errata/RHSA-2023:6801https://access.redhat.com/errata/RHSA-2023:6803https://access.redhat.com/errata/RHSA-2023:6804https://access.redhat.com/errata/RHSA-2023:6810https://access.redhat.com/errata/RHSA-2023:7213https://access.redhat.com/errata/RHSA-2024:11049https://access.redhat.com/security/cve/CVE-2023-46846https://bugzilla.redhat.com/show_bug.cgi?id=2245910