Vulnetix
Try Vulnetix Request Demo
BIT-haproxy-2023-40225 PUBLISHED CVSS 7.199999809265137 HIGH

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

Risk Scores

CVSS v3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Bitnamihaproxy0, 2.2.0, 2.4.0

Timeline

References

Open in Interactive Console →