Vulnerability Description
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc3
- https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b
- https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8c
- https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c28
- https://jvn.jp/en/jp/JVN88385716/
- https://www.haproxy.org/
FAQ
What is CVE-2024-53008?
CVE-2024-53008 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by...
How severe is CVE-2024-53008?
CVE-2024-53008 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-53008?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.