CVE-2023-40225

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 10, 2023
Updated: Aug 18, 2023
CWE ID 444

Summary

CVE-2023-40225 is a vulnerability affecting HAProxy versions 2.0.32, 2.1.x, 2.2.x through 2.2.30, 2.3.x, 2.4.x through 2.4.23, 2.5.x, and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2. Affected versions forward a Content-Length header with an empty value instead of rejecting it, contrary to RFC 9110 section 8.6 (which requires at least one digit). In rare cases, an HTTP/1 server behind HAProxy may then interpret the payload as an additional request. The resulting risks include request smuggling and injection attacks, which could lead to unauthorized data access or server misconfiguration. Update to a fixed HAProxy version to mitigate these risks.
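As an added illustration (not code from this advisory or from HAProxy), the following validator applies the RFC 9110 section 8.6 rule to Content-Length on the gateway side, refusing the empty value that affected versions forwarded; the function names and sample requests are constructed here.

```python
import re
from typing import Optional

# RFC 9110 section 8.6: Content-Length = 1*DIGIT. An empty, non-numeric or
# conflicting value makes the message framing ambiguous, so a gateway should
# reject it rather than pass it to the backend (the check CVE-2023-40225 lacked).
_DIGITS = re.compile(r"^[0-9]+$")


class InvalidContentLength(ValueError):
    """Raised when a Content-Length header does not carry a valid value."""


def parse_headers(raw: bytes):
    """Split an HTTP/1 header block into lowercase (name, value) pairs."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # drop the request line
    pairs = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise InvalidContentLength(f"malformed header line: {line!r}")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def validate_content_length(headers) -> Optional[int]:
    """Return the declared body length, or None if no Content-Length is present."""
    values = []
    for name, value in headers:
        if name == "content-length":
            # A field may carry a comma-separated list; every member must be 1*DIGIT.
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return None
    for v in values:
        if not _DIGITS.match(v):  # catches "" (the empty value) and non-digits
            raise InvalidContentLength(f"bad Content-Length value: {v!r}")
    if len({int(v) for v in values}) != 1:
        raise InvalidContentLength(f"conflicting Content-Length values: {values}")
    return int(values[0])


def should_forward(raw: bytes) -> bool:
    """Gateway decision (hypothetical helper): forward only well-framed requests."""
    try:
        validate_content_length(parse_headers(raw))
        return True
    except InvalidContentLength:
        return False


# Constructed sample requests (not taken from the advisory).
GOOD = b"POST /upload HTTP/1.1\r\nHost: example\r\nContent-Length: 5\r\n\r\nhello"
EMPTY = b"POST /upload HTTP/1.1\r\nHost: example\r\nContent-Length: \r\n\r\nhello"
```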
