PT-2024-8962 · Haproxy+6

Yuki Mogi · Published 2024-11-27 · Updated 2025-04-09 · CVE-2024-53008

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: HAProxy (affected versions not specified)
Description: The issue is an inconsistent interpretation of HTTP requests, also known as HTTP Request/Response Smuggling. It allows a remote attacker to access a restricted path by bypassing the Access Control List (ACL) set on the product, potentially obtaining sensitive information. The vulnerability is associated with deficiencies in handling HTTP requests.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

ALT-PU-2025-3203
ALT-PU-2025-5145
BDU:2024-10643
BIT-HAPROXY-2024-53008
CVE-2024-53008
OESA-2024-2545
OESA-2024-2546
OESA-2024-2547
OESA-2024-2548
OPENSUSE-SU-2024_4390-1
SUSE-SU-2024:4390-1
SUSE-SU-2024_4390-1
SUSE-SU-2025:20101-1
SUSE-SU-2025:20230-1
USN-7133-1

Affected Products

Alt Linux
Debian
Haproxy
Linuxmint
Red Os
Suse
Ubuntu