Summary
SRA has identified a vulnerability in Quest Coexistence Manager for Notes that can lead to bypassing access controls, poisoning web caches, hijacking sessions, or triggering unintended internal requests.
CVE Identifiers
| CVE ID | CVE NAME |
| --- | --- |
| CVE-2025-12874 | HTTP Request Smuggling in Quest Coexistence Manager for Notes |
Vulnerability Details / Description
The Free/Busy Connector in Quest Coexistence Manager for Notes (3.8.2045) is vulnerable to HTTP request smuggling by an unauthenticated remote attacker. The front-end and back-end components parse request headers inconsistently, which desynchronizes their view of where one request ends and the next begins. In this case, the front-end server uses the `Content-Length` header to determine the end of the request body and forwards the full request. The back-end server interprets the same request using `Transfer-Encoding: chunked`, processes only the first chunk (declared as zero-length), and treats the remaining bytes as a new, separate request. The attacker embeds a second, hidden request in the body of the original message. Due to the parsing mismatch, this smuggled request is processed independently by the back-end server.
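The boundary mismatch described above can be checked for on captured requests. The following is an added example, not code from SRA or Quest: it computes where a `Content-Length` parser and a chunked parser each end the same request and reports any bytes left between the two boundaries. The function names, the sample requests, and the `example.invalid` host are constructed for illustration.

```python
import re

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request into (lower-cased header pairs, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def chunked_end(body: bytes):
    """Offset where a chunked parser considers the message finished (None if malformed)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return None
        size_field = body[pos:eol].split(b";")[0].strip()
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            return None
        size, pos = int(size_field, 16), eol + 2
        if size == 0:                              # last chunk: skip trailers to the blank line
            while True:
                eol = body.find(b"\r\n", pos)
                if eol < 0:
                    return None
                if eol == pos:
                    return pos + 2
                pos = eol + 2
        if body[pos + size:pos + size + 2] != b"\r\n":
            return None
        pos += size + 2

def framing_report(raw: bytes):
    """Compare the Content-Length boundary with the chunked boundary of one request."""
    headers, body = parse_head(raw)
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    findings = []
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    cl_end = int(cl[0]) if cl and cl[0].isdigit() else None
    te_end = chunked_end(body) if te else None
    leftover = max(0, cl_end - te_end) if None not in (cl_end, te_end) else 0
    if leftover:
        findings.append("bytes remain after the chunked terminator")
    return {"findings": findings, "cl_end": cl_end, "te_end": te_end, "leftover": leftover}

# Constructed samples: a 5-byte chunked terminator followed by 14 placeholder bytes,
# and an unambiguous request that carries Content-Length only.
AMBIGUOUS = (b"POST /placeholder HTTP/1.1\r\nHost: example.invalid\r\n"
             b"Content-Length: 19\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"0\r\n\r\nLEFTOVER-BYTES")
CLEAN = b"POST /placeholder HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\n\r\nhello"
```

A non-zero `leftover` is the condition to alert on or reject at the front end: those bytes are inside the body for one parser and outside it for the other.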
Severity
The CVSS base score of this vulnerability has been calculated to be 6.3 (Medium).
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear
Affected Versions and Models
Quest Coexistence Manager for Notes 3.8.2045
MITRE CWE Weakness Enumeration
CWE-444: Inconsistent Interpretation of HTTP Requests
Remediation Options
Update Quest Coexistence Manager for Notes to the latest version.
Source
This vulnerability was discovered by Cam Lischke as part of research performed by Security Risk Advisors.
Timeframe
November 3, 2025 – SRA submits vulnerability support case to Quest.
November 4 through November 7, 2025 – SRA submits details of vulnerability to Quest.
December 9, 2025 – SRA notifies Quest of intent to publicly disclose.
December 12, 2025 – Quest acknowledges intent to publicly disclose.
December 17, 2025 – Quest notifies SRA of intent to create a knowledge base article for Quest Support Portal.




