CVE-2023-40225
Description
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
References
Release Notes
Release Notes
Technical Description
Exploit, Issue Tracking, Vendor Advisory
Release Notes
Patch
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics