CVE-2023-25950

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-444
View all →

Vulnerability Description

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

Related Vulnerabilities

CVE-2021-42791

HIGH
CVSS:7.3(High)

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push n...

CWE-4442021

CVE-2023-40225

HIGH
CVSS:7.2(High)

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers...

CWE-4442023

CVE-2017-15643

HIGH
CVSS:7.4(High)

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum a...

CWE-4442017

CVE-2020-8201

HIGH
CVSS:7.4(High)

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, ...

CWE-4442020

CVE-2023-4639

HIGH
CVSS:7.4(High)

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltra...

CWE-4442023

CVE-2024-12397

HIGH
CVSS:7.4(High)

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfi...

CWE-4442024