HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVSS Details
- CVSS 3.1 Base Score: 7.2
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alma_linux | alma-upgrade-haproxy | Mar 8, 2024 | Aug 10, 2023 | |
| Alpine Linux | alpine-linux-upgrade-haproxy | Mar 21, 2024 | Aug 10, 2023 | |
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-haproxy2amazon-linux-ami-2-upgrade-haproxy2-debuginfo | Sep 28, 2023 | Aug 10, 2023 | |
| Amazon_linux_2023 | amazon-linux-2023-upgrade-haproxyamazon-linux-2023-upgrade-haproxy-debuginfoamazon-linux-2023-upgrade-haproxy-debugsource | Feb 17, 2025 | Aug 10, 2023 | |
| Debian | debian-upgrade-haproxy | Jan 3, 2024 | Aug 10, 2023 | |
| Huawei Euleros 2_0_sp10 | huawei-euleros-2_0_sp10-upgrade-haproxy | Jan 10, 2024 | Aug 10, 2023 | |
| Huawei Euleros 2_0_sp11 | huawei-euleros-2_0_sp11-upgrade-haproxy | Jan 10, 2024 | Aug 10, 2023 | |
| Huawei Euleros 2_0_sp9 | huawei-euleros-2_0_sp9-upgrade-haproxy | Jan 10, 2024 | Aug 10, 2023 | |
| Oracle_linux | — | oracle-linux-upgrade-haproxy | Mar 6, 2024 | Aug 10, 2023 |
| Redhat Openshift | linuxrpm-upgrade-haproxy | Nov 30, 2023 | Aug 10, 2023 | |
| Redhat_linux | redhat-upgrade-haproxyredhat-upgrade-haproxy-debuginforedhat-upgrade-haproxy-debugsource | Mar 6, 2024 | Aug 10, 2023 | |
| Suse | — | suse-upgrade-haproxy | Aug 30, 2023 | Aug 10, 2023 |
| Ubuntu | ubuntu-upgrade-haproxy | Aug 17, 2023 | Aug 10, 2023 | |
| Vmware Photon_os | vmware-photon_os_update_tdnf | Jan 20, 2025 | Aug 10, 2023 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub