CVE-2026-23742
Skipper · Skipper Multiple Products
Executive summary
A high-severity vulnerability has been identified in multiple Skipper products, which function as critical HTTP routers and reverse proxies. An unauthenticated remote attacker could exploit this flaw to bypass security controls, potentially leading to unauthorized access to backend services, data exposure, or complete system compromise. Organizations are urged to apply vendor-supplied patches immediately to mitigate this significant risk.
Vulnerability
The vulnerability is a request smuggling flaw resulting from improper processing of ambiguous HTTP requests containing both Content-Length and Transfer-Encoding headers. An unauthenticated, remote attacker can craft a specialized HTTP request that is interpreted differently by the Skipper proxy and the backend service. This desynchronization allows the attacker to "smuggle" a malicious request past security filters and routing logic, potentially leading to authentication bypass, cache poisoning, or direct unauthorized access to sensitive internal API endpoints.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a direct and significant threat to the organization. Successful exploitation could lead to a severe security breach, allowing attackers to bypass authentication and access sensitive data or internal systems that are supposed to be protected by the proxy. Potential consequences include data exfiltration of customer or corporate information, service disruption, and the ability for an attacker to use the compromised proxy as a pivot point to launch further attacks against the internal network, impacting confidentiality, integrity, and availability.
Remediation
Immediate Action:
- Immediately apply the security updates provided by the vendor across all affected Skipper instances.
- Prioritize patching for internet-facing systems first, followed by internal instances.
- After patching, review access logs for any indicators of compromise that may have occurred prior to remediation.
Proactive Monitoring:
- Monitor Skipper and backend application logs for malformed HTTP requests, specifically those with conflicting Content-Length and Transfer-Encoding headers.
- Implement alerting for unusual or unexpected requests from the Skipper proxy to backend services, such as requests to administrative endpoints.
- Monitor for any anomalous outbound network traffic or command execution activity on the systems hosting Skipper.
Compensating Controls:
- If immediate patching is not feasible, configure a Web Application Firewall (WAF) or upstream network device with strict HTTP protocol compliance rules to block ambiguous or malformed requests before they reach the Skipper proxy.
- Normalize ambiguous HTTP requests at the network edge to prevent them from being processed by vulnerable components.
- Temporarily restrict access to critical applications through the proxy until a patch can be applied.
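The monitoring and strict-compliance items above both depend on recognising ambiguous message framing. The following is an added example, not vendor or Skipper code: a Python check over a captured request head that flags the Content-Length plus Transfer-Encoding conflict and, going slightly beyond the case named in this advisory, duplicate or non-numeric Content-Length values and non-chunked Transfer-Encoding. The function name, sample hosts and the strict policy choices are assumptions.

```python
# Added example: strict framing check for a captured HTTP/1.1 request head.
# Policy choices (assumptions, not Skipper behaviour): any Transfer-Encoding
# other than exactly "chunked" and any repeated, differing Content-Length
# are treated as ambiguous.

def framing_issues(raw_head: bytes) -> list[str]:
    """Return the reasons a request head should be rejected or alerted on."""
    # Keep only the header block and drop the request line.
    header_lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    lengths, encodings, issues = [], [], []
    for line in header_lines:
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            issues.append("header line without a colon")
            continue
        key = name.strip().lower()  # header names are case-insensitive
        if key == b"content-length":
            lengths.append(value.strip())
        elif key == b"transfer-encoding":
            encodings.append(value.strip().lower())
    if lengths and encodings:
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(set(lengths)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in lengths):
        issues.append("non-numeric Content-Length")
    if encodings and encodings != [b"chunked"]:
        issues.append("Transfer-Encoding is not exactly 'chunked'")
    return issues

# Constructed sample heads (header block only, no bodies).
SAMPLES = {
    "clean": b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\n",
    "cl_and_te": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
                 b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "dup_cl": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
              b"Content-Length: 5\r\ncontent-length: 7\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, framing_issues(head) or "ok")
```

Most access logs do not record both headers, so a check like this has to run where the raw request head is still available, such as a packet capture or an edge device that logs full headers.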
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity score and the critical role of Skipper as a reverse proxy, this vulnerability represents a significant risk to the organization. Although it is not currently listed on the CISA KEV list, its impact warrants immediate attention. We strongly recommend that all affected Skipper instances be patched on an emergency basis. If patching cannot be performed immediately, the compensating controls listed above should be implemented without delay to reduce the attack surface.