HAProxy HTTP Request/Response Smuggling Vulnerability Allows Sensitive Information Access
CVE-2024-53008

5.3MEDIUM

Key Information:

Vendor: Haproxy Project
Status: Haproxy 2.6; Haproxy 2.8; Haproxy 2.9; Haproxy 3.0
Vendor: CVE Published:; 28 November 2024

🔔 Create Haproxy Project Vulnerability Alert

What is CVE-2024-53008?

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

Affected Version(s)

HAProxy 2.6 2.6.18 and earlier

HAProxy 2.8 2.8.10 and earlier

HAProxy 2.9 2.9.9 and earlier

References

https://www.haproxy.org/

https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1af...

https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024
Vulnerability Reserved
Nov 18, 2024