{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53008", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-11-18T23:29:20.816Z", "datePublished": "2024-11-28T02:10:43.901Z", "dateUpdated": "2024-11-29T20:55:24.521Z"}, "containers": {"cna": {"affected": [{"vendor": "HAProxy Project", "product": "HAProxy 2.6", "versions": [{"version": "2.6.18 and earlier", "status": "affected"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 2.8", "versions": [{"version": "2.8.10 and earlier", "status": "affected"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 2.9", "versions": [{"version": "2.9.9 and earlier", "status": "affected"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 3.0", "versions": [{"version": "3.0.2 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling')", "lang": "en-US", "cweId": "CWE-444", "type": "CWE"}]}], "references": [{"url": "https://www.haproxy.org/"}, {"url": "https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2"}, {"url": "https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b"}, {"url": "https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71"}, {"url": "https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603"}, {"url": "https://jvn.jp/en/jp/JVN88385716/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-28T02:10:43.901Z"}}, "adp": [{"affected": [{"vendor": "haproxy", "product": "haproxy", "cpes": ["cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.6", "status": "affected", "lessThanOrEqual": "2.6.18", "versionType": "custom"}, {"version": "2.8", "status": "affected", "lessThanOrEqual": "2.8.10", "versionType": "custom"}, {"version": "2.9", "status": "affected", "lessThanOrEqual": "2.9.9", "versionType": "custom"}, {"version": "3.0", "status": "affected", "lessThanOrEqual": "3.0.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T20:53:41.790046Z", "id": "CVE-2024-53008", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T20:55:24.521Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-53008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-29T20:53:41.790046Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"], "vendor": "haproxy", "product": "haproxy", "versions": [{"status": "affected", "version": "2.6", "versionType": "custom", "lessThanOrEqual": "2.6.18"}, {"status": "affected", "version": "2.8", "versionType": "custom", "lessThanOrEqual": "2.8.10"}, {"status": "affected", "version": "2.9", "versionType": "custom", "lessThanOrEqual": "2.9.9"}, {"status": "affected", "version": "3.0", "versionType": "custom", "lessThanOrEqual": "3.0.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T20:55:19.015Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "HAProxy Project", "product": "HAProxy 2.6", "versions": [{"status": "affected", "version": "2.6.18 and earlier"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 2.8", "versions": [{"status": "affected", "version": "2.8.10 and earlier"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 2.9", "versions": [{"status": "affected", "version": "2.9.9 and earlier"}]}, {"vendor": "HAProxy Project", "product": "HAProxy 3.0", "versions": [{"status": "affected", "version": "3.0.2 and earlier"}]}], "references": [{"url": "https://www.haproxy.org/"}, {"url": "https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2"}, {"url": "https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b"}, {"url": "https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71"}, {"url": "https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603"}, {"url": "https://jvn.jp/en/jp/JVN88385716/"}], "descriptions": [{"lang": "en", "value": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-444", "description": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-28T02:10:43.901Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53008", "state": "PUBLISHED", "dateUpdated": "2024-11-29T20:55:24.521Z", "dateReserved": "2024-11-18T23:29:20.816Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-11-28T02:10:43.901Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information."}], "id": "CVE-2024-53008", "lastModified": "2024-11-28T03:15:16.363", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2024-11-28T03:15:16.363", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2"}, {"source": "vultures@jpcert.or.jp", "url": "https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b"}, {"source": "vultures@jpcert.or.jp", "url": "https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71"}, {"source": "vultures@jpcert.or.jp", "url": "https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN88385716/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.haproxy.org/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{"bugzilla": {"description": "HAProxy: HTTP request smuggling in HAProxy", "id": "2329284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329284"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.", "A flaw was found in HAProxy. This vulnerability allows a remote attacker to access a path restricted by the Access Control List (ACL) set on the product. As a result, the attacker may obtain sensitive information."], "name": "CVE-2024-53008", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-11-28T02:10:43Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53008\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53008\nhttps://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2\nhttps://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b\nhttps://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71\nhttps://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603\nhttps://jvn.jp/en/jp/JVN88385716/\nhttps://www.haproxy.org/"], "statement": "This vulnerability affects HAProxy: 2.6.0 - 3.0.2. \nThe affected version of HAProxy is not shipped in RHEL.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.", "threat_severity": "Moderate"}