Yuki Mogi

Name of the Vulnerable Software and Affected Versions: HAProxy (affected versions not specified) Description: The issue is related to an inconsistent interpretation of HTTP requests, also known as 'HTTP Request/Response Smuggling' or 'Contrabando de solicitudes/respuestas HTTP'. This allows a remote attacker to access a restricted path by bypassing the Access Control List (ACL) set on the product, potentially obtaining sensitive information. The vulnerability is associated with deficiencies in handling HTTP requests. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HAProxy versions 2.6.1 through 2.6.7 HAProxy version 2.7.0 **Description** The issue allows a remote attacker to alter a legitimate user's request, potentially obtaining sensitive information or causing a denial-of-service (DoS) condition. **Recommendations** For HAProxy version 2.7.0, update to a version that includes a fix for this issue. For HAProxy versions 2.6.1 through 2.6.7, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.