CVE-2024-53008

Опубликовано: 28 нояб. 2024

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

A flaw was found in HAProxy. This vulnerability allows a remote attacker to access a path restricted by the Access Control List (ACL) set on the product. As a result, the attacker may obtain sensitive information.

Отчет

This vulnerability affects HAProxy: 2.6.0 - 3.0.2. The affected version of HAProxy is not shipped in RHEL.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 5	haproxy	Not affected
Red Hat Enterprise Linux 7	haproxy	Not affected
Red Hat Enterprise Linux 8	haproxy	Not affected
Red Hat Enterprise Linux 9	haproxy	Not affected
Red Hat OpenShift Container Platform 4	haproxy	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-444

https://bugzilla.redhat.com/show_bug.cgi?id=2329284HAProxy: HTTP request smuggling in HAProxy

EPSS

Процентиль: 30%

0.00116

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-53008

CVSS3: 5.3

ubuntu

больше 1 года назад

CVE-2024-53008

CVSS3: 5.3

nvd

больше 1 года назад

CVE-2024-53008

CVSS3: 5.3

debian

больше 1 года назад

Inconsistent interpretation of HTTP requests ('HTTP Request/Response S ...

SUSE-SU-2024:4390-1

suse-cvrf

больше 1 года назад

Security update for haproxy

GHSA-qq72-vh82-fwv9

CVSS3: 5.3

github

больше 1 года назад

EPSS

Процентиль: 30%

0.00116

Низкий

5.3 Medium

CVSS3