HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "version 2.7.0, and version 2.6.1 to 2.6.7"
},
{
"last_affected": "version 2.7.0, and version 2.6.1 to 2.6.7"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25950.json",
"cna_assigner": "jpcert"
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.6.1"
},
{
"last_affected": "2.6.7"
},
{
"introduced": "2.7.0"
},
{
"last_affected": "2.7.0"
}
]
}