CVE-2023-49288

2023-12-05 11:20:17
redhat.com
access.redhat.com
cve-2023-49288, squid, http collapsed forwarding, denial of service, remote attack, mitigation

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 8.3 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.8%)

A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.

Mitigation

To mitigate this issue, lines for the 'collapsed_forwarding' feature have to be removed from your squid.conf.
