Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-40225

Опубликовано: 10 авг. 2023
Источник: debian
EPSS Низкий

Описание

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
haproxyfixed2.6.15-1package
haproxynot-affectedbusterpackage

Примечания

  • https://github.com/haproxy/haproxy/issues/2237

  • https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856

  • https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=e8ba5e106444fc78558f4ff26e9ce946f89216f4 (v2.2.31)

  • https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=d17c50010d591d1c070e1cb0567a06032d8869e9 (v2.6.15)

EPSS

Процентиль: 7%
0.00029
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-40225

CVSS3: 7.2
ubuntu
больше 2 лет назад

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

redhat логотип

CVE-2023-40225

CVSS3: 7.5
redhat
больше 2 лет назад

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

nvd логотип

CVE-2023-40225

CVSS3: 7.2
nvd
больше 2 лет назад

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

msrc логотип

CVE-2023-40225

CVSS3: 7.2
msrc
около 2 лет назад

HAProxy through 2.0.32 2.1.x and 2.2.x through 2.2.30 2.3.x and 2.4.x through 2.4.23 2.5.x and 2.6.x before 2.6.15 2.7.x before 2.7.10 and 2.8.x before 2.8.2 forwards empty Content-Length headers violating RFC 9110 section 8.6. In uncommon cases an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

suse-cvrf логотип

SUSE-SU-2023:3490-1

suse-cvrf
около 2 лет назад

Security update for haproxy

EPSS

Процентиль: 7%
0.00029
Низкий