Lucene search

K

RedosROS-20240401-04

HistoryApr 01, 2024 - 12:00 a.m.

ROS-20240401-04

2024-04-0100:00:00

redos.red-soft.ru

9

haproxy

empty headers

vulnerability

http request smuggling

attack

unix

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

HAProxy server software vulnerability is related to forwarding empty headers
Content-Length. Exploitation of the vulnerability could allow an attacker acting remotely to perform an HTTP request smuggling attack.
an HTTP request smuggling attack.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64haproxy<= 2.6.11-4UNKNOWN

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

Related for ROS-20240401-04

ubuntu2 alpinelinux1 prion1 nessus26 openvas11 cve1 ubuntucve1 redhatcve1 veracode1 cvelist1 debiancve1 cbl_mariner1 redhat7 osv6 wolfi1 mageia1 cgr1 nvd1 debian1 almalinux1 photon3 oraclelinux1 rosalinux1 ibm1