Description

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.

INFO

Published Date :

2024-11-28T02:10:43.901Z

Last Modified :

2024-11-29T20:55:24.521Z

Source :

jpcert
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53008 vulnerability.

Vendors Products
Haproxy
  • Haproxy
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53008.

URL Resource
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2 cve-icon cve-icon cve-icon
https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b cve-icon cve-icon cve-icon
https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71 cve-icon cve-icon cve-icon
https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603 cve-icon cve-icon cve-icon
https://jvn.jp/en/jp/JVN88385716/ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53008 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53008 cve-icon
https://www.haproxy.org/ cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact