CVE-2024-53008 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
haproxy	haproxy	2.6 ≤ 𝑥 ≤ 2.6.18	ADP
haproxy	haproxy	2.8 ≤ 𝑥 ≤ 2.8.10	ADP
haproxy	haproxy	2.9 ≤ 𝑥 ≤ 2.9.9	ADP
haproxy	haproxy	3.0 ≤ 𝑥 ≤ 3.0.2	ADP

Debian Releases

Debian Product

Codename

haproxy

bookworm	ignored
bookworm (security)	vulnerable
bullseye	2.2.9-2+deb11u6 not-affected
bullseye (security)	2.2.9-2+deb11u7 fixed
forky	3.2.10-1 fixed
sid	3.2.10-1 fixed
trixie	3.0.11-1+deb13u1 fixed
trixie (security)	3.0.11-1+deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

haproxy

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	Fixed 2.8.5-1ubuntu3.2 released
oracular	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2

https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b

https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71

https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603

https://jvn.jp/en/jp/JVN88385716/

https://www.haproxy.org/