HAProxy Request Smuggling Vulnerability Allowing Access Control Bypass
Vulnerability
A request smuggling vulnerability affects HAProxy versions prior to 2.7.3 (and the corresponding releases of the older maintained branches listed under Remediation). HAProxy's HTTP header parsers can accept a header line whose field name is empty. For HTTP/1.x requests such a line can truncate the list of parsed headers, so the headers that follow it are lost after they have been parsed and processed: HAProxy's access-control and routing rules no longer see them. An attacker who controls the request can therefore hide headers from rules that match on them and bypass access-control and routing decisions, which is the request smuggling behaviour described here. For HTTP/2 and HTTP/3 the impact is limited, because the affected headers are discarded before being parsed and processed, as if the client had never sent them; even so, the loss of headers can still disrupt routing rules and access controls and cause a denial of service.
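The following Python model illustrates the defect just described and the check that closes it. It is an added example, not HAProxy's code: the "lenient" parser models the vulnerable behaviour by treating an empty field name as the end of the header list (a modelling assumption chosen to match the truncation described above), the "strict" parser rejects any header line whose name is not an RFC 9110 token, and a small rule evaluator stands in for two typical HAProxy rules (a deny rule matching User-Agent and a Host-based use_backend). The request bytes, header names, backend names and rule set are all constructed for the illustration.

```python
import re
from typing import Callable, List, Optional, Tuple

# RFC 9110 token characters: the only characters allowed in a header field name.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

Headers = List[Tuple[str, str]]


class BadRequest(Exception):
    """Raised by the hardened parser; the proxy would answer 400 and run no rules."""


def _split_request(raw: bytes) -> Tuple[str, List[bytes], bytes]:
    """Split a raw HTTP/1.x request into request line, header lines and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete header block")
    lines = head.split(b"\r\n")
    return lines[0].decode("ascii"), lines[1:], body


def parse_lenient(raw: bytes) -> Tuple[str, Headers, bytes]:
    """Model of the vulnerable behaviour (assumption, not HAProxy's parser):
    an empty field name is accepted and ends the header list early, so every
    header after it is consumed from the wire but never reaches the rules."""
    request_line, lines, body = _split_request(raw)
    headers: Headers = []
    for line in lines:
        name, _, value = line.partition(b":")
        name_s = name.strip().lower().decode("ascii", "replace")
        if name_s == "":
            break  # empty name acts as an end-of-list marker: later headers are lost
        headers.append((name_s, value.strip().decode("latin-1")))
    return request_line, headers, body


def parse_strict(raw: bytes) -> Tuple[str, Headers, bytes]:
    """Hardened behaviour: reject a header line without ':' or whose name is
    empty or contains non-token characters, instead of silently accepting it."""
    request_line, lines, body = _split_request(raw)
    headers: Headers = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if not sep:
            raise BadRequest("header line without ':'")
        name_s = name.decode("ascii", "replace")
        if not _TOKEN_RE.match(name_s):
            raise BadRequest(f"invalid header field name {name_s!r}")
        headers.append((name_s.lower(), value.strip().decode("latin-1")))
    return request_line, headers, body


def apply_rules(headers: Headers) -> Tuple[str, Optional[str]]:
    """Stand-in for a constructed HAProxy frontend:
         http-request deny if { req.hdr(user-agent) -m sub -i sqlmap }
         use_backend be_admin if { req.hdr(host) -i admin.example.internal }
         default_backend be_public
    Returns ("deny", None) or ("allow", <backend>)."""
    h = dict(headers)
    if "sqlmap" in h.get("user-agent", "").lower():
        return ("deny", None)
    if h.get("host", "").lower() == "admin.example.internal":
        return ("allow", "be_admin")
    return ("allow", "be_public")


def decide(raw: bytes, parser: Callable[[bytes], Tuple[str, Headers, bytes]]) -> Tuple[str, Optional[str]]:
    """Parse with the given parser and run the rules; a parser error maps to a 400."""
    try:
        _, headers, _ = parser(raw)
    except BadRequest:
        return ("reject", None)
    return apply_rules(headers)


# Constructed request: the line consisting only of ':' has an empty field name.
# Host precedes it (so the Host rule still fires); User-Agent follows it.
CRAFTED_REQUEST = (
    b"GET /export HTTP/1.1\r\n"
    b"Host: admin.example.internal\r\n"
    b":\r\n"
    b"User-Agent: sqlmap/1.7\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Same constructed request without the empty-name line.
SCANNER_REQUEST = CRAFTED_REQUEST.replace(b":\r\nUser-Agent", b"User-Agent")

if __name__ == "__main__":
    for label, req in (("crafted", CRAFTED_REQUEST), ("plain", SCANNER_REQUEST)):
        print(label, "lenient:", decide(req, parse_lenient), "strict:", decide(req, parse_strict))
```

With the lenient parser the crafted request loses its User-Agent, the deny rule never fires and the request is routed to be_admin; the strict parser rejects the same bytes before any rule runs, while the request without the empty-name line is denied by both parsers.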
Impact
Exploitation of this vulnerability results in request smuggling: an attacker can hide headers from HAProxy's access-control and routing rules and so bypass them, and the resulting loss of headers can disrupt normal traffic management to the point of denial of service.
Remediation
Upgrade to the fixed release of the branch in use: 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29 or 2.0.31. No fixed release is listed for other branches, so deployments on them should move to one of the branches above.
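A quick way to check a fleet against the fixed releases listed above is to parse the first line of `haproxy -v` and compare the patch level per branch. This is an added example, not part of the advisory; the sample banners are constructed, and the assumption that any branch newer than 2.7 (released after 2.7.3) is unaffected follows from "prior to 2.7.3".

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named under Remediation, keyed by maintenance branch (major, minor).
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (2, 7): (2, 7, 3),
    (2, 6): (2, 6, 9),
    (2, 5): (2, 5, 12),
    (2, 4): (2, 4, 22),
    (2, 2): (2, 2, 29),
    (2, 0): (2, 0, 31),
}
NEWEST_FIXED_BRANCH = (2, 7)

# First line of `haproxy -v`; older releases print "HA-Proxy", newer ones "HAProxy".
_BANNER_RE = re.compile(r"HA-?Proxy version (\d+)\.(\d+)\.(\d+)")


def parse_banner(banner: str) -> Version:
    """Extract (major, minor, patch) from the `haproxy -v` banner."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised haproxy -v output: {banner!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version: Version) -> Tuple[str, Optional[Version]]:
    """Return ("fixed", None), ("vulnerable", <fixed release to install>) or
    ("no-fix-listed", None) for a branch without a fixed release on this page."""
    branch = version[:2]
    fixed = FIXED_RELEASES.get(branch)
    if fixed is not None:
        return ("fixed", None) if version >= fixed else ("vulnerable", fixed)
    if branch > NEWEST_FIXED_BRANCH:
        return ("fixed", None)  # assumption: branches after 2.7 postdate the fix
    return ("no-fix-listed", None)


def assess_banner(banner: str) -> Tuple[str, Optional[Version]]:
    return assess(parse_banner(banner))


# Constructed banners in the shape `haproxy -v` prints (not real build strings).
SAMPLE_BANNERS = [
    "HAProxy version 2.6.8-1~constructed 2023/01/01 - https://haproxy.org/",
    "HAProxy version 2.7.3-constructed 2023/02/14 - https://haproxy.org/",
    "HA-Proxy version 2.0.13-constructed 2020/04/02 - https://haproxy.org/",
    "HAProxy version 2.3.10-constructed 2021/04/23 - https://haproxy.org/",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(parse_banner(banner), "->", assess_banner(banner))
```

In practice the banner comes from `haproxy -v` on each host (or the version string in the package manager); feed it to assess_banner and treat anything other than "fixed" as needing an upgrade.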
