CVE-2019-18277HTTP Request Smuggling in Haproxy

CWE-444HTTP Request Smuggling7 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 23.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HaproxyDebian Haproxy
Timeline
PublishedOct 23
Latest updateMay 24

Description

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/haproxy< haproxy 2.0.6-1 (bookworm)
NVDhaproxy/haproxy< 2.0.6
Debianhaproxy/haproxy< 2.0.6-1+3

🔴Vulnerability Details

2
GHSA
GHSA-7r84-r685-grmg: A flaw was found in HAProxy before 22022-05-24
OSV
CVE-2019-18277: A flaw was found in HAProxy before 22019-10-23

📋Vendor Advisories

3
Ubuntu
HAproxy vulnerability2019-11-05
Red Hat
haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value2019-09-13
Debian
CVE-2019-18277: haproxy - A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a t...2019

💬Community

1
Bugzilla
CVE-2019-18277 haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value2019-10-08
CVE-2019-18277 — HTTP Request Smuggling in Haproxy | cvebase