[Japanese]

JVNDB-2024-000122

HAProxy vulnerable to HTTP request/response smuggling

Overview

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack (CWE-444).

Yuki Mogi of FFRI Security, Inc. reported this vulnerability to the developer and coordinated. After the coordination was completed, JPCERT/CC coordinated with the developer to publish this advisory in order to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


HAProxy Technologies
  • HAProxy 2.6 versions 2.6.18 and earlier
  • HAProxy 2.8 versions 2.8.10 and earlier
  • HAProxy 2.9 versions 2.9.9 and earlier
  • HAProxy 3.0 versions 3.0.2 and earlier

Impact

A remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:
  • HAProxy version 2.6.19
  • HAProxy version 2.8.11
  • HAProxy version 2.9.10
  • HAProxy version 3.0.3
Vendor Information

HAProxy Technologies
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-53008
References

  1. JVN : JVN#88385716
Revision History

  • [2024/11/27]
      Web page was published

Date Public2024/11/27
Date First Published2024/11/27
Date Last Updated2024/11/27