CVE-2023-45539 – haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
https://notcve.org/view.php?id=CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podría permitir a atacantes remotos obtener información confidencial o tener otro impacto no especificado tras una mala interpretación de una regla path_end, como enrutar index.html#.png a un servidor estático. • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html https://access.redhat.com/security/cve/CVE-2023-45539 https://bugzilla.redhat.com/show_bug.cgi?id=2253037 • CWE-116: Improper Encoding or Escaping of Output CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-40225 – haproxy: Proxy forwards malformed empty Content-Length headers
https://notcve.org/view.php?id=CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases. • https://cwe.mitre.org/data/definitions/436.html https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 https://github.com/haproxy/haproxy/issues/2237 https://www.haproxy.org/download/2.6/src/CHANGELOG https://www.haproxy.org/download/2.7/src/CHANGELOG https://www.haproxy.org/download/2.8/src/CHANGELOG https://access.redhat.com/security/cve/CVE-2023-40225 https://bugzilla.redhat.com/show_bug.cgi?id=2231370 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •