Primary

Context

Google Cloud Classic Application Load Balancer Request Smuggling Vulnerability

Vulnerability

Patched

A request smuggling vulnerability has been identified in the Google Cloud Classic Application Load Balancer. This vulnerability arises from improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be misinterpreted by backend servers. The issue has been resolved by disallowing stray data after a chunk, and the vulnerability is no longer exploitable. Classic Application Load Balancer service is not vulnerable after April 26, 2025.

Impact

Exploitation of this vulnerability allowed for request smuggling, where crafted HTTP requests could be misinterpreted by backend servers, potentially leading to unauthorized actions or access.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Cloud Classic Application Load Balancer Request Smuggling Vulnerability

Vulnerability

Impact

Affected Products

Google Kubernetes Engine

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating