Emeric Brun

**Name of the Vulnerable Software and Affected Versions** HAProxy versions prior to 2.0.6 **Description** A flaw was found in the handling of HTTP requests. The issue is related to messages featuring a transfer-encoding header missing the "chunked" value, which were not being correctly rejected in legacy mode. If combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one, even if not entirely valid according to the specification. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "http-reuse always" setting in legacy mode until a patch is applied. Restrict access to components that employ lenient parsers to minimize the risk of exploitation.