CVE-2023-25950

Published: Apr 11, 2023

Modified: Feb 11, 2025

PUBLISHED

Description

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

Vendor	Product	Versions
HAProxy Technologies	HAProxy	affected `version 2.7.0, and version 2.6.1 to 2.6.7`

References

https://www.haproxy.org/

https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46

https://jvn.jp/en/jp/JVN38170084/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-25950

Description

Affected Products

References