Описание
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases.
Меры по смягчению последствий
This flaw can be mitigated by applying a rule to explicitly reject any requests with an empty Content-Lenght header. The following line can be added to any frontend configurations at the /etc/haproxy/haproxy.cfg file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | haproxy | Not affected | ||
| Red Hat Ceph Storage 5 | haproxy | Affected | ||
| Red Hat Enterprise Linux 6 | haproxy | Out of support scope | ||
| Red Hat Enterprise Linux 7 | haproxy | Out of support scope | ||
| Red Hat Enterprise Linux 8 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | haproxy | Out of support scope | ||
| Red Hat Software Collections | rh-haproxy18-haproxy | Will not fix | ||
| Red Hat Enterprise Linux 9 | haproxy | Fixed | RHSA-2024:1142 | 05.03.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | haproxy | Fixed | RHSA-2024:1089 | 05.03.2024 |
| Red Hat OpenShift Container Platform 4.11 | haproxy | Fixed | RHSA-2024:0308 | 25.01.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...
EPSS
7.5 High
CVSS3