
CVE-2023-40225

Published: 10/08/2023 Updated: 18/08/2023
CVSS v3 Base Score: 7.2 | Impact Score: 2.7 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

HAProxy up to and including 2.0.32, 2.1.x and 2.2.x up to and including 2.2.30, 2.3.x and 2.4.x up to and including 2.4.23, 2.5.x and 2.6.x prior to 2.6.15, 2.7.x prior to 2.7.10, and 2.8.x prior to 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
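The summary above describes the root cause: a proxy that forwards a Content-Length header with an empty value hands the origin server a message it may parse differently, which is what lets the body be read as a second request. The following is an added example, not HAProxy's code, that shows the validation a forwarding proxy should apply before passing a request upstream: Content-Length must be 1*DIGIT per RFC 9110 section 8.6, a comma list is accepted only when every member is identical, and anything else is rejected rather than forwarded. The `MAX_BODY` limit and the sample header sets are constructed assumptions for the demonstration.

```python
"""Defensive Content-Length validation for a forwarding proxy.

Added example (not HAProxy code): models the check a proxy needs so that an
empty or malformed Content-Length header is rejected instead of forwarded
to an HTTP/1 origin server.
"""
import re

_DIGITS = re.compile(r"[0-9]+")
MAX_BODY = 10 * 1024 * 1024  # hypothetical per-proxy body limit (assumption)


def parse_content_length(raw_value: str):
    """Validate one Content-Length field value per RFC 9110 section 8.6.

    Returns the integer length, or None when the value must be rejected:
    an empty member, a non-digit member, or a list whose members disagree.
    """
    members = [m.strip(" \t") for m in raw_value.split(",")]
    if any(m == "" for m in members):
        return None  # empty value: the case CVE-2023-40225 is about
    if any(not _DIGITS.fullmatch(m) for m in members):
        return None  # e.g. "1a", "+5", "0x10" are not 1*DIGIT
    distinct = {int(m) for m in members}
    if len(distinct) != 1:
        return None  # "5, 6" is a conflict, not a valid list
    return distinct.pop()


def check_request_headers(header_lines):
    """Decide whether a request's header block may be forwarded.

    Takes raw header lines (without the request line) and returns either
    ("forward", canonical_lines) or ("reject", reason). Every Content-Length
    occurrence is validated and folded into a single canonical header so the
    origin server only ever sees one well-formed value.
    """
    lengths = []
    passthrough = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            return ("reject", "malformed header line")
        if name != name.rstrip(" \t"):
            # RFC 9112 section 5.1: whitespace before the colon is invalid
            return ("reject", "whitespace before header colon")
        if name.lower() == "content-length":
            parsed = parse_content_length(value)
            if parsed is None:
                return ("reject", "invalid Content-Length")
            lengths.append(parsed)
        else:
            passthrough.append(line)
    if not lengths:
        return ("forward", passthrough)
    if len(set(lengths)) != 1:
        return ("reject", "conflicting Content-Length headers")
    if lengths[0] > MAX_BODY:
        return ("reject", "body too large")
    return ("forward", passthrough + [f"Content-Length: {lengths[0]}"])


# Constructed sample header blocks (not captured traffic).
SAMPLE_REQUESTS = {
    "empty_cl": ["Host: example.test", "Content-Length:"],
    "valid": ["Host: example.test", "Content-Length: 5"],
    "list_ok": ["Host: example.test", "Content-Length: 5, 5"],
    "conflict": ["Host: example.test", "Content-Length: 5", "Content-Length: 6"],
}

if __name__ == "__main__":
    for label, lines in SAMPLE_REQUESTS.items():
        print(label, "->", check_request_headers(lines))
```

A proxy that applies this check answers the empty-header case with a 400 itself; the point is that the decision is made at the edge, so the origin server never has to guess what an empty value means.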

Vulnerable Product

haproxy haproxy

Vendor Advisories

Debian Bug report logs - #1043502 haproxy: CVE-2023-40225. Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <team+haproxy@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 12 Aug 2023 05:33:02 UTC; Severity: important; Tags: security, upstream; Found in v ...
Synopsis: Important: OpenShift Container Platform 4.11.57 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.11.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis: Moderate: OpenShift Container Platform 4.11.57 packages and security update. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: identify and remediate systems affected by this advisory. Topic: Red Hat OpenShift Container Platform release 4.11.57 is now available with updates to pac ...
Synopsis: Moderate: OpenShift Container Platform 4.13.25 packages and security update. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: identify and remediate systems affected by this advisory. Topic: Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to pac ...
Synopsis: Moderate: OpenShift Container Platform 4.12.47 security update. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: identify and remediate systems affected by this advisory. Topic: Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and imag ...
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request (CVE-2023-40225) ...
Description: A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases ...

Github Repositories

Differential testing and fuzzing of HTTP servers and proxies

The HTTP Garden: The HTTP Garden is a collection of HTTP servers and proxies configured to be composable, along with scripts to interact with them in a way that makes finding vulnerabilities much, much easier. For some cool demos of the vulnerabilities that you can find with the HTTP Garden, check out our ShmooCon 2024 talk. Acknowledgements: We'd like to thank our friends at ...