Description
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | released | 2.6.15-1ubuntu1 |
esm-infra/bionic | not-affected | code not present |
esm-infra/focal | not-affected | 2.0.31-0ubuntu0.2 |
esm-infra/xenial | not-affected | code not present |
focal | released | 2.0.31-0ubuntu0.2 |
jammy | released | 2.4.22-0ubuntu0.22.04.2 |
lunar | released | 2.6.9-1ubuntu1.1 |
mantic | released | 2.6.15-1ubuntu1 |
trusty | ignored | end of standard support |
CVSS3: 7.2 High