CVE-2023-25950

Published: 11/04/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote malicious user to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

Vulnerable Product

haproxy haproxy 2.7.0

haproxy haproxy

Vendor Advisories

Description: The MITRE CVE dictionary describes this issue as: HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition ...

Github Repositories

https://dhmosfunk.github.io/

@dhmosfunk @apphacktheboxcom/profile/78776

Contributions to projects:

Repository | Topic | Pull Request
swisskyrepo/PayloadsAllTheThings | SQL Injection | Update the PostgreSQL Time Based Payloads for Database,Table,Columns Extract
swisskyrepo/PayloadsAllTheThings | HTTP Request Smuggling | Add my tool for manually HTTP Request Smuggling exploitation

Research HTTP3