CVE-2023-40225
HIGH severity · CVSS 7.2 · CWE-444
7.2CVSS HIGH
Summary
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactLow
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 ↗
Additional information
- NVD record
- https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856Patch
- https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856Patch
- https://github.com/haproxy/haproxy/issues/2237Advisory
- https://cwe.mitre.org/data/definitions/436.html
- https://www.haproxy.org/download/2.6/src/CHANGELOG
- https://www.haproxy.org/download/2.7/src/CHANGELOG
- https://www.haproxy.org/download/2.8/src/CHANGELOG
- https://cwe.mitre.org/data/definitions/436.html