CVE-2024-53008

Published: 28 Nov 2024
Source: debian
EPSS: Low

Description

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

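Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| haproxy | fixed | 2.9.10-1 | | package |
| haproxy | ignored | | bookworm | package |
| haproxy | not-affected | | bullseye | package |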

Notes

  • https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=fa8b221756076186315b6bbf17ef697ec1ef5695 (v2.6.19)

  • https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=94d74d24ec9c3710334ab2239b1996faab3ad01e (v2.6.19)

  • https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=94d305eaffc83dff3f59f5c2a3fbeb4710efa39a (v2.8.11)

  • https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=56ab17d34a32d9c15558c2c2d17b743e6d679cbd (v2.8.11)

  • https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=87fefebfbe3df218103502046a0871b235a48087 (v2.9.10)

  • https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=6748a47819c263d4631187b6f121b5344ab50d57 (v2.9.10)

  • https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=47d13c68cf198467a94e85a1caa44484a1e2e75c (v3.0.3)

  • https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=5ddc4004cb0c3c4ea4f4596577c85f004678e9c0 (v3.0.3)

EPSS

Percentile: 39%
0.00171
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
10 months ago

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

CVSS3: 5.3
redhat
10 months ago

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

CVSS3: 5.3
nvd
10 months ago

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

suse-cvrf
9 months ago

Security update for haproxy

CVSS3: 5.3
redos
9 months ago

haproxy vulnerability
