CVSS3: 7.2 High

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | CHANGED
Confidentiality Impact | LOW
Integrity Impact | LOW
Availability Impact | NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS: 0.002 Low (Percentile: 54.0%)

HAProxy is vulnerable to HTTP Request Smuggling. The vulnerability exists in the HTTP/1 server, which interprets a payload as an extra request because empty Content-Length headers are forwarded. This allows an attacker to inject malicious payloads into the system.

CPE Name | Operator | Version
---|---|---
haproxy:sid | eq | 2.2.5-2
haproxy:bullseye | eq | 2.2.5-2

cwe.mitre.org/data/definitions/436.html
github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
github.com/haproxy/haproxy/issues/2237
security-tracker.debian.org/tracker/CVE-2023-40225
www.haproxy.org/download/2.6/src/CHANGELOG
www.haproxy.org/download/2.7/src/CHANGELOG
www.haproxy.org/download/2.8/src/CHANGELOG