CVE-2024-53008

Summary

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
HAProxy ProjectHAProxy 2.62.6.18 and earlieraffected
HAProxy ProjectHAProxy 2.82.8.10 and earlieraffected
HAProxy ProjectHAProxy 2.92.9.9 and earlieraffected
HAProxy ProjectHAProxy 3.03.0.2 and earlieraffected

Weaknesses

  • CWE-444: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References