CVE-2023-25950 — HTTP Request Smuggling in Haproxy

CWE-444 — HTTP Request Smuggling6 documents6 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 86.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Debian Haproxy Haproxy Technologies Haproxy

Timeline

PublishedApr 11

Latest updateJan 11

Description

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

▶debiandebian/haproxy< haproxy 2.6.8-1 (bookworm)

▶Debianhaproxy/haproxy< 2.6.8-1+2

▶NVDhaproxy/haproxy2.6.1 — 2.6.7+1

▶CVEListV5haproxy_technologies/haproxyversion 2.7.0, and version 2.6.1 to 2.6.7

🔴Vulnerability Details

OSV

CVE-2023-25950: HTTP request/response smuggling vulnerability in HAProxy version 2↗2023-04-11

▶

GHSA

GHSA-g72c-cx82-64hq: HTTP request/response smuggling vulnerability in HAProxy version 2↗2023-04-11

▶

📋Vendor Advisories

Red Hat

haproxy: malformed HTTP header field name can lead to HTTP request/response smuggling↗2023-04-11

▶

Debian

CVE-2023-25950: haproxy - HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6....↗2023

▶

📄Research Papers

arXiv

Securing an Application Layer Gateway: An Industrial Case Study↗2024-01-11

▶