Quest Coexistence Manager for Notes HTTP Request Smuggling Vulnerability

Vulnerability

A vulnerability allowing HTTP request smuggling has been identified in Quest Coexistence Manager for Notes, specifically in the Free/Busy Connector modules, version 3.8.2045. This vulnerability arises from an inconsistent interpretation of HTTP requests, allowing attackers to exploit the Content-Length-Transfer-Encoding (CL.TE) attack vector. The exploitation of this vulnerability could enable attackers to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests.

Impact

Exploitation of this vulnerability could lead to HTTP request smuggling, allowing attackers to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests.

Added: Dec 19, 2025, 8:20 PM

Updated: Dec 19, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.6

threat

0.0

urgency

0.0

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.6

threat

0.0

urgency

0.0

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quest Coexistence Manager for Notes HTTP Request Smuggling Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating