Name | CVE-2024-53008 |
Description | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
haproxy (PTS) | jessie, jessie (lts) | 1.5.8-3+deb8u4 | vulnerable |
| stretch (security) | 1.7.5-2+deb9u1 | vulnerable |
| stretch (lts), stretch | 1.7.5-2+deb9u2 | vulnerable |
| buster (security), buster, buster (lts) | 1.8.19-1+deb10u5 | vulnerable |
| bullseye (security), bullseye | 2.2.9-2+deb11u6 | vulnerable |
| bookworm (security), bookworm | 2.6.12-1+deb12u1 | vulnerable |
| sid, trixie | 3.0.7-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
haproxy | source | (unstable) | 2.9.10-1 | | | |
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=fa8b221756076186315b6bbf17ef697ec1ef5695 (v2.6.19)
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=94d74d24ec9c3710334ab2239b1996faab3ad01e (v2.6.19)
https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=94d305eaffc83dff3f59f5c2a3fbeb4710efa39a (v2.8.11)
https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=56ab17d34a32d9c15558c2c2d17b743e6d679cbd (v2.8.11)
https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=87fefebfbe3df218103502046a0871b235a48087 (v2.9.10)
https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=6748a47819c263d4631187b6f121b5344ab50d57 (v2.9.10)
https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=47d13c68cf198467a94e85a1caa44484a1e2e75c (v3.0.3)
https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=5ddc4004cb0c3c4ea4f4596577c85f004678e9c0 (v3.0.3)