An integer overflow exists in HAProxy 2.0 through 2.5 in htxaddheader that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
{ "cpes": [ "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*" ], "severity": "High" }