CVE-2026-24470
Skipper · Skipper Multiple Products
A high-severity vulnerability has been discovered in multiple Skipper products, which function as HTTP routers and reverse proxies.
Executive summary
This flaw could allow a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to backend services. Successful exploitation could lead to sensitive data exposure, service disruption, or further compromise of the internal network.
Vulnerability
This vulnerability is a request smuggling flaw caused by improper handling of ambiguous or malformed HTTP requests. An attacker can craft a specialized HTTP request with conflicting Content-Length and Transfer-Encoding headers. When Skipper processes this request and forwards it to a backend service, the discrepancy can cause the backend server to misinterpret the request boundaries, allowing the attacker's smuggled request to be prepended to the next legitimate user's request, leading to access control bypass, cache poisoning, or session hijacking.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. As Skipper often serves as a critical entry point to an organization's infrastructure, its compromise has significant business implications. Exploitation could allow an attacker to bypass authentication mechanisms, access sensitive internal applications and data, deface web properties, or disrupt critical business services. This poses a direct risk to data confidentiality, integrity, and availability, potentially resulting in financial loss, regulatory penalties, and reputational damage.
Remediation
Immediate Action: Apply vendor security updates to all affected Skipper instances immediately. After patching, review access logs and network traffic for any signs of anomalous requests or unauthorized access that may have occurred prior to remediation.
Proactive Monitoring: Security teams should configure monitoring to detect potential exploitation attempts. Look for HTTP requests containing both Content-Length and Transfer-Encoding headers, unusually formatted HTTP methods, or unexpected responses from backend services. Monitor for access patterns to sensitive endpoints that deviate from established baselines.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict RFC-compliant HTTP protocol enforcement in front of the Skipper instances. These WAF rules should be configured to normalize or block ambiguous requests, such as those with both Content-Length and Transfer-Encoding headers or with multiple, conflicting Content-Length headers, to mitigate the risk.
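The following Go program is an added example, not code from Skipper or from this advisory, showing how the detection and normalization rules described under Vulnerability and under Proactive Monitoring / Compensating Controls can be implemented: it classifies the raw header block of an HTTP/1.x request and reports every condition that leaves the body length ambiguous (Content-Length together with Transfer-Encoding, conflicting Content-Length values, a non-numeric Content-Length, or a Transfer-Encoding that is not bare `chunked`). The function names, the finding labels and the sample requests are all constructed for this example. One design point worth noting: the check reads the headers with `net/textproto` rather than `http.ReadRequest`, because Go's `net/http` drops Content-Length whenever `Transfer-Encoding: chunked` is present and rejects conflicting Content-Length values outright, so a detector built on the already-parsed request would never see the very conditions it is meant to log.

```go
package main

import (
	"bufio"
	"fmt"
	"net/textproto"
	"strconv"
	"strings"
)

// Finding names one reason a request's body framing is ambiguous.
type Finding string

// Finding labels (constructed for this example). The first two match the
// conditions the advisory tells monitoring and WAF rules to look for.
const (
	FindingBothCLAndTE   Finding = "both Content-Length and Transfer-Encoding present"
	FindingConflictingCL Finding = "multiple conflicting Content-Length values"
	FindingBadCL         Finding = "Content-Length is not a non-negative integer"
	FindingNonChunkedTE  Finding = "Transfer-Encoding is not exactly 'chunked'"
)

// ClassifyFraming inspects the raw request line and header block of an
// HTTP/1.x request and returns every ambiguous-framing condition it finds.
// It parses with net/textproto on purpose: http.ReadRequest normalizes the
// headers (removing Content-Length when chunked encoding is present), which
// would hide exactly what a monitoring rule needs to record.
func ClassifyFraming(raw string) ([]Finding, error) {
	tp := textproto.NewReader(bufio.NewReader(strings.NewReader(raw)))
	if _, err := tp.ReadLine(); err != nil { // request line, e.g. "POST /api HTTP/1.1"
		return nil, fmt.Errorf("reading request line: %w", err)
	}
	hdr, err := tp.ReadMIMEHeader() // keys are canonicalised, duplicate values are kept
	if err != nil {
		return nil, fmt.Errorf("reading headers: %w", err)
	}
	return classifyHeaders(hdr), nil
}

func classifyHeaders(h textproto.MIMEHeader) []Finding {
	var out []Finding
	cls := h.Values("Content-Length")
	tes := h.Values("Transfer-Encoding")

	// RFC 9112 §6.3: a message carrying both fields is a likely smuggling
	// attempt; it should be rejected rather than forwarded.
	if len(cls) > 0 && len(tes) > 0 {
		out = append(out, FindingBothCLAndTE)
	}

	// RFC 9110 §8.6 tolerates identical duplicate Content-Length values but
	// not differing ones, so compare the parsed numbers, not the raw strings.
	seen := map[int64]bool{}
	badCL := false
	for _, v := range cls {
		n, err := strconv.ParseInt(strings.TrimSpace(v), 10, 64)
		if err != nil || n < 0 {
			badCL = true
			continue
		}
		seen[n] = true
	}
	if badCL {
		out = append(out, FindingBadCL)
	}
	if len(seen) > 1 {
		out = append(out, FindingConflictingCL)
	}

	// Like Go's net/http and nginx, accept only a single bare "chunked"
	// coding; any other value leaves the body length open to interpretation.
	for _, v := range tes {
		if !strings.EqualFold(strings.TrimSpace(v), "chunked") {
			out = append(out, FindingNonChunkedTE)
			break
		}
	}
	return out
}

// Constructed sample requests (not captured traffic), one per condition.
var samples = map[string]string{
	"clean":     "POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\n\r\nhello",
	"cl-and-te": "POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
	"dup-cl":    "POST /api HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\nContent-Length: 9\r\n\r\nhello",
	"odd-te":    "POST /api HTTP/1.1\r\nHost: example.invalid\r\nTransfer-Encoding: gzip, chunked\r\n\r\n0\r\n\r\n",
}

func main() {
	for name, raw := range samples {
		findings, err := ClassifyFraming(raw)
		switch {
		case err != nil:
			fmt.Printf("%-10s parse error: %v\n", name, err)
		case len(findings) == 0:
			fmt.Printf("%-10s ok\n", name)
		default:
			fmt.Printf("%-10s FLAG: %v\n", name, findings)
		}
	}
}
```

In a deployment the classifier would sit at the edge (a WAF rule, a proxy filter, or a log-enrichment step) and any non-empty result would be both rejected and logged with the client address and target route, which gives the post-patch log review described above something concrete to search for.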
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the high-severity rating (CVSS 8.1) and the critical function of the affected software, this vulnerability represents a significant risk to the organization. Although it is not currently listed on the CISA KEV catalog, its potential for enabling unauthorized access to internal systems requires immediate action. We strongly recommend that all affected Skipper instances be patched on an emergency basis. If patching is delayed, compensating controls such as a properly configured WAF should be deployed without delay to reduce the attack surface.