Conversation
New assessment for topic: CVE-2023-25950

Topic description: "HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request ..."

"HAProxy's HTTP/3 implementation fails to block a **malformed HTTP header field name**, and **when deployed in front of a server that incorrectly process this malformed header**, it may be used to conduct an HTTP request/response smuggling attack ..."

Link: https://attackerkb.com/assessments/410b285d-5724-4300-bcc4-603cc4c726ac
0
1
0