CVE-2023-40225 - OpenCVE

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Haproxy	Haproxy

Configuration 1 [-]

OR	cpe:2.3:a:haproxy:haproxy::::::::
	cpe:2.3:a:haproxy:haproxy::::::::
	cpe:2.3:a:haproxy:haproxy::::::::
	cpe:2.3:a:haproxy:haproxy::::::::
	cpe:2.3:a:haproxy:haproxy::::::::
	cpe:2.3:a:haproxy:haproxy::::::::

References

Link	Resource
https://cwe.mitre.org/data/definitions/436.html	Technical Description
https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856	Patch
https://github.com/haproxy/haproxy/issues/2237	Exploit Issue Tracking Vendor Advisory
https://www.haproxy.org/download/2.6/src/CHANGELOG	Release Notes
https://www.haproxy.org/download/2.7/src/CHANGELOG	Release Notes
https://www.haproxy.org/download/2.8/src/CHANGELOG	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-10T00:00:00

Updated: 2023-08-10T00:00:00

Reserved: 2023-08-10T00:00:00

Link: CVE-2023-40225

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-10T21:15:10.743

Modified: 2023-08-18T20:03:17.290

Link: CVE-2023-40225

JSON object: View

Redhat Information

No data.

CWE

CWE-444

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "023D059D-3A23-4CD9-85DF-119A32FB24B2", "versionEndIncluding": "2.0.32", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "26AB82A2-31F2-4ECA-838A-9A94520B5AEE", "versionEndIncluding": "2.2.30", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3F72E80-3A75-46BA-BC3A-40D87B7BFAF4", "versionEndIncluding": "2.4.23", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "11561968-E0DC-4BFD-930F-52F96B4A4BBD", "versionEndExcluding": "2.6.15", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "855FF6D8-8F0E-4402-AF4D-9810A5080E72", "versionEndExcluding": "2.7.10", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D4FC3EF-9132-46E7-A43B-9074EC0C2EC1", "versionEndExcluding": "2.8.2", "versionStartIncluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request."}], "id": "CVE-2023-40225", "lastModified": "2023-08-18T20:03:17.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-10T21:15:10.743", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://cwe.mitre.org/data/definitions/436.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/haproxy/haproxy/issues/2237"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.haproxy.org/download/2.6/src/CHANGELOG"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.haproxy.org/download/2.7/src/CHANGELOG"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.haproxy.org/download/2.8/src/CHANGELOG"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}