CVE-2023-40225 — HTTP Request Smuggling in HAProxy
Severity: 7.2 HIGH (NVD)
EPSS: 0.0% (top 92.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10; latest update Aug 17
Description
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.7
Affected packages: 2 packages
Vendor advisories
Microsoft (2023-08-08)
Debian: CVE-2023-40225: haproxy (2023)