Description
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References (16)
Scores
CVSS v3
9.3
EPSS
0.0958
EPSS Percentile
92.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-444
Status
published
Products (19)
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/enterprise_linux_eus
8.6
redhat/enterprise_linux_eus
8.8
redhat/enterprise_linux_eus
9.0
redhat/enterprise_linux_eus
9.2
redhat/enterprise_linux_for_arm_64
8.0_aarch64
redhat/enterprise_linux_for_ibm_z_systems
8.0_s390x
redhat/enterprise_linux_for_power_little_endian
8.0_ppc64le
redhat/enterprise_linux_server_aus
8.2
... and 9 more
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026