We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-53008



Description

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

Reserved 2024-11-18 | Published 2024-11-28 | Updated 2024-11-29 | Assigner jpcert


MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Product status

2.6.18 and earlier
affected

2.8.10 and earlier
affected

2.9.9 and earlier
affected

3.0.2 and earlier
affected

References

www.haproxy.org/

git.haproxy.org/...y-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2

git.haproxy.org/...y-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b

git.haproxy.org/...y-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71

git.haproxy.org/...y-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603

jvn.jp/en/jp/JVN88385716/

cve.org (CVE-2024-53008)

nvd.nist.gov (CVE-2024-53008)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-53008

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.