Lucene search

GoogleOSV:BIT-HAPROXY-2023-25950

HistoryMar 06, 2024 - 10:53 a.m.

BIT-haproxy-2023-25950

2024-03-0610:53:25

Google

osv.dev

http smuggling

haproxy

vulnerability

remote attacker

request alteration

dos

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user’s request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

CPENameOperatorVersion
haproxyle2.7.0
haproxylt2.6.7
haproxyge2.6.1
haproxyge2.7.0

Name	Operator	Version
haproxy	le	2.7.0
haproxy	lt	2.6.7
haproxy	ge	2.6.1
haproxy	ge	2.7.0

References

git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46

jvn.jp/en/jp/JVN38170084/

www.haproxy.org/

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for OSV:BIT-HAPROXY-2023-25950