Security Advisory

CVE-2023-40225

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-10 00:00:00
Last updated 2024-10-09 20:14:29
Assigner mitre
State PUBLISHED

Description

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
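
The check that RFC 9110 section 8.6 implies (Content-Length = 1*DIGIT, so an empty value is invalid), written as an added example for inspecting a captured HTTP/1 request head. This is not HAProxy's code or its fix; the function name, reason strings and sample requests are constructed for illustration.

```python
import re

# RFC 9110 section 8.6: Content-Length = 1*DIGIT, so an empty value is invalid.
_DIGITS = re.compile(r"[0-9]+")


def check_content_length(raw_head: bytes):
    """Return (ok, reason) for the Content-Length fields of an HTTP/1 head.

    raw_head holds the request line and header lines (hypothetical helper).
    """
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            return False, "malformed header line"
        if name.strip().lower() == "content-length":
            # A list form such as "42, 42" is checked member by member.
            values.extend(v.strip(" \t") for v in value.split(","))
    if not values:
        return True, "no Content-Length"
    for v in values:
        if v == "":
            return False, "empty Content-Length"
        if not _DIGITS.fullmatch(v):
            return False, "non-numeric Content-Length"
    if len({int(v) for v in values}) > 1:
        return False, "conflicting Content-Length values"
    return True, "valid"


# Constructed sample request heads (not taken from any real capture).
SAMPLES = {
    "empty": b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length:\r\n\r\n",
    "blank": b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length:  \r\n\r\n",
    "valid": b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 12\r\n\r\n",
    "repeat": b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 12, 12\r\n\r\n",
    "conflict": b"POST /upload HTTP/1.1\r\nContent-Length: 12\r\nContent-Length: 5\r\n\r\n",
    "none": b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, check_content_length(head))
```

A proxy or backend that applies this rule rejects the message instead of forwarding the empty header to the next hop.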