Exploit for #VU74224 Inconsistent interpretation of HTTP requests in HAProxy

Cybersecurity Help s.r.o.

Published: 2024-04-05

Vulnerability identifier: #VU74224

Vulnerability risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-25950

CWE-ID: CWE-444

Exploitation vector: Network

Exploits in database: 1

April 5, 2024
- HTTP3ONSTEROIDS (HTTP3ONSTEROIDS - A research on CVE-2023-25950 where HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name.) [Github]

Vulnerable software:
HAProxy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: HAProxy