Lucene search

Veracode Vulnerability DatabaseVERACODE:42914

HistoryAug 23, 2023 - 12:33 p.m.

HTTP Request Smuggling

2023-08-2312:33:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

haproxy

http request smuggling

vulnerability

payloads

attacker

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Haproxy is vulnerable to HTTP Request Smuggling. This vulnerability exists in the HTTP/1 server, which interprets a payload as an extra request due to empty Content-Length headers being forwarded. This allows an attacker to inject malicious payloads into the system

CPENameOperatorVersion
haproxy:sideq2.2.5-2
haproxy:sideq2.2.5-2
haproxy:bullseyeeq2.2.5-2

Name	Operator	Version
haproxy:sid	eq	2.2.5-2
haproxy:sid	eq	2.2.5-2
haproxy:bullseye	eq	2.2.5-2

References

cwe.mitre.org/data/definitions/436.html

github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856

github.com/haproxy/haproxy/issues/2237

security-tracker.debian.org/tracker/CVE-2023-40225

www.haproxy.org/download/2.6/src/CHANGELOG

www.haproxy.org/download/2.7/src/CHANGELOG

www.haproxy.org/download/2.8/src/CHANGELOG

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for VERACODE:42914