CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS: 0.002 Low (Percentile: 58.3%)

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1
headers are inadvertently lost in some situations, aka “request smuggling.”
The HTTP header parsers in HAProxy may accept empty header field names,
which could be used to truncate the list of HTTP headers and thus make some
headers disappear after being parsed and processed for HTTP/1.0 and
HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers
disappear before being parsed and processed, as if they had not been sent
by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29,
and 2.0.31.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | haproxy | < 1.8.8-1ubuntu0.13 | UNKNOWN |
ubuntu | 20.04 | noarch | haproxy | < 2.0.29-0ubuntu1.3 | UNKNOWN |
ubuntu | 22.04 | noarch | haproxy | < 2.4.18-0ubuntu1.2 | UNKNOWN |
ubuntu | 22.10 | noarch | haproxy | < 2.4.18-1ubuntu1.2 | UNKNOWN |
ubuntu | 23.04 | noarch | haproxy | < 2.6.9-1ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | haproxy | < 2.6.9-1ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | haproxy | < any | UNKNOWN |
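
A triage helper for the fixed-version list and the Ubuntu package table above, as an added example (not code from HAProxy or from this advisory). The banner strings are constructed samples of `haproxy -v` output, and the `triage` function and its status names are assumptions of this example.

```python
import re

# Fixed upstream releases per maintenance branch, as listed in the advisory text.
FIXED = {(2, 7): 3, (2, 6): 9, (2, 5): 12, (2, 4): 22, (2, 2): 29, (2, 0): 31}
NEWEST_LISTED = max(FIXED)  # (2, 7): any later branch was released after the fix

# Matches "HAProxy version X.Y.Z<suffix>" and the older "HA-Proxy version ..." form.
VERSION_RE = re.compile(r"version\s+(\d+)\.(\d+)\.(\d+)(\S*)", re.IGNORECASE)


def triage(banner: str) -> str:
    """Classify one version banner.

    Returns 'fixed', 'affected', 'check-package' (distro build whose upstream
    number is below the fix, so the package table decides) or 'unknown'.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"  # e.g. a -dev build that carries no patch level
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    branch = (major, minor)
    if branch > NEWEST_LISTED:
        return "fixed"
    if branch in FIXED and patch >= FIXED[branch]:
        return "fixed"
    # Ubuntu backports the patch without raising the upstream number
    # (the table lists 2.0.29-0ubuntu1.3 as fixed although 2.0.29 < 2.0.31),
    # so the full package version has to be compared against the table instead.
    if "ubuntu" in suffix:
        return "check-package"
    # Older upstream release, or a branch with no fixed release listed here.
    return "affected"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "HAProxy version 2.7.3 2023/02/14 - https://haproxy.org/",
        "HA-Proxy version 2.0.30 2022/12/09 - https://haproxy.org/",
        "HA-Proxy version 2.0.29-0ubuntu1.3 2023/02/13",
        "HAProxy version 2.3.21 2022/07/27",
        "HAProxy version 2.8-dev3",
    ]
    for line in samples:
        print(f"{triage(line):14} {line}")
```

A `check-package` result means the host needs the distribution's own version comparison (for example `dpkg --compare-versions`) against the package table, not the upstream list.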