CVE-2023-40225
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-40225 is a vulnerability affecting HAProxy versions 2.0.32, 2.1.x, 2.2.x through 2.2.30, 2.3.x, 2.4.x through 2.4.23, 2.5.x, 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2. HAProxy incorrectly forwards a Content-Length header with an empty value instead of rejecting it, which contradicts RFC 9110 section 8.6 (the field value must be at least one digit). In some rare instances, an HTTP/1 server behind HAProxy might interpret the payload as an additional request. This creates potential security risks, including request smuggling and injection attacks, which could result in unauthorized data access or server misconfiguration. Update to a fixed HAProxy version to mitigate these risks.
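The following is an added example, not HAProxy's code or a patch from the project: a small Python model of the validation a proxy or origin server should apply to Content-Length before acting on a request, so that an empty value is rejected (as RFC 9110 section 8.6 requires) rather than forwarded. The request bytes are constructed samples, and the helper names are this example's own.

```python
import re
from typing import List, Tuple

# RFC 9110 section 8.6 defines Content-Length = 1*DIGIT: at least one digit.
# An empty value is therefore a malformed header, not a zero-length body.
_DIGITS = re.compile(r"[0-9]+")


def parse_header_block(raw: bytes) -> List[Tuple[str, str]]:
    """Split a raw HTTP/1 request head (request line + headers) into (name, value) pairs.

    Only the header section is parsed; anything after the blank line is ignored.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the request line
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip(), value.strip()))
    return headers


def check_content_length(headers: List[Tuple[str, str]]) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects empty, non-numeric, or conflicting Content-Length values.

    A recipient that rejects here (HTTP 400) never lets the ambiguity reach the
    origin server, which is the failure mode described for CVE-2023-40225.
    """
    values = [v for name, v in headers if name.lower() == "content-length"]
    if not values:
        return True, "no Content-Length header"
    seen = set()
    for v in values:
        if v == "":
            return False, "empty Content-Length (RFC 9110 8.6 requires 1*DIGIT)"
        if not _DIGITS.fullmatch(v):
            return False, f"non-numeric Content-Length {v!r}"
        seen.add(int(v))
    if len(seen) > 1:
        return False, f"conflicting Content-Length values {sorted(seen)}"
    return True, f"Content-Length={seen.pop()}"


def validate_request(raw: bytes) -> Tuple[bool, str]:
    """Parse the request head and validate Content-Length in one step."""
    try:
        headers = parse_header_block(raw)
    except ValueError as exc:
        return False, str(exc)
    return check_content_length(headers)


# Constructed sample requests (not taken from the advisory).
REQ_OK = b"POST /api HTTP/1.1\r\nHost: app.internal\r\nContent-Length: 5\r\n\r\nhello"
REQ_EMPTY_CL = b"POST /api HTTP/1.1\r\nHost: app.internal\r\nContent-Length:\r\n\r\nhello"
REQ_DUP_CL = (
    b"POST /api HTTP/1.1\r\nHost: app.internal\r\n"
    b"Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello"
)

if __name__ == "__main__":
    for label, req in (("ok", REQ_OK), ("empty", REQ_EMPTY_CL), ("duplicate", REQ_DUP_CL)):
        print(label, validate_request(req))
```

The point of the check is that the proxy and the origin must agree on the message boundary; any Content-Length value that could be read two ways (empty, non-numeric, or conflicting duplicates) is rejected up front instead of being passed through for the backend to interpret.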
Affected Products
- HAProxy
Affected Vendors
- Haproxy