CVE-2023-25950

7.3 HIGH

📋 TL;DR

This HTTP request smuggling vulnerability in HAProxy allows attackers to manipulate legitimate user requests by exploiting improper request/response handling. Attackers can potentially steal sensitive information or cause denial-of-service conditions. Only HAProxy versions 2.6.1-2.6.7 and 2.7.0 are affected.

💻 Affected Systems

Products:
  • HAProxy
Versions: 2.6.1 through 2.6.7, and version 2.7.0
Operating Systems: All platforms running affected HAProxy versions
Default Config Vulnerable: ⚠️ Yes
Notes: All HAProxy deployments using affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept and modify legitimate user requests to steal authentication tokens, session cookies, or sensitive data, potentially leading to account takeover or data breaches.

🟠 Likely Case

Attackers could poison cache responses, perform session hijacking, or cause service disruption through malformed requests that confuse backend servers.

🟢 If Mitigated

With proper patching and network segmentation, impact is limited to potential temporary service disruption without data compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

HTTP request smuggling vulnerabilities are commonly exploited in the wild, though no specific exploit code for this CVE has been publicly released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.8, 2.7.1, or later versions

Vendor Advisory: https://www.haproxy.org/

Restart Required: Yes

Instructions:

1. Download the latest patched version from haproxy.org
2. Replace the vulnerable binary
3. Restart the HAProxy service
4. Verify the version with 'haproxy -v'

🔧 Temporary Workarounds

Request validation at backend

Applies to: all

Implement strict HTTP request validation at backend servers to reject malformed requests.

Note: depends on the backend application; the HTTP request validation logic must be implemented there.

🧯 If You Can't Patch

  • Implement WAF with HTTP request smuggling protection rules
  • Use network segmentation to isolate HAProxy from sensitive backend systems

🔍 How to Verify

Check if Vulnerable:

Run 'haproxy -v' and check whether the reported version is 2.6.1 through 2.6.7, or 2.7.0.

Check Version:

haproxy -v

Verify Fix Applied:

Verify version is 2.6.8, 2.7.1 or later with 'haproxy -v'
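The version check above is easy to get wrong by eye (2.6.10 is not in the range, 2.7.0 is). The following script is an added example, not code from the advisory or from the HAProxy project: it parses the first line of 'haproxy -v' and classifies the version against the affected ranges stated on this page. It assumes the banner begins "HAProxy version X.Y.Z" (older builds print "HA-Proxy version"); the banner line used in the comments is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a HAProxy version against
# the affected ranges stated above (2.6.1 through 2.6.7, and 2.7.0).
# Assumption: the first line of `haproxy -v` starts with "HAProxy version X.Y.Z"
# (older builds print "HA-Proxy version X.Y.Z"); anything else is treated as unknown.
# Constructed sample banner: "HAProxy version 2.6.7-1~bpo11+1 2022/12/02 - https://haproxy.org/"

# Print the major.minor.patch triple from a `haproxy -v` banner line, or nothing
# when the line carries no release triple (e.g. a "2.7-dev" snapshot).
haproxy_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^HA-*Proxy version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = affected, 1 = not affected, 2 = version string not parseable.
haproxy_affected() {
    hv_ver=$1
    case "$hv_ver" in
        *.*.*) ;;
        *) return 2 ;;
    esac
    hv_major=${hv_ver%%.*}
    hv_rest=${hv_ver#*.}
    hv_minor=${hv_rest%%.*}
    hv_patch=${hv_rest#*.}
    # Every component must be a plain non-empty integer (rejects "2.6.7.1", "2.6.").
    for hv_part in "$hv_major" "$hv_minor" "$hv_patch"; do
        case "$hv_part" in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    [ "$hv_major" -eq 2 ] || return 1
    if [ "$hv_minor" -eq 6 ]; then
        # 2.6.1 .. 2.6.7 inclusive; 2.6.0 predates the bug, 2.6.8 carries the fix
        [ "$hv_patch" -ge 1 ] && [ "$hv_patch" -le 7 ] && return 0
        return 1
    fi
    # 2.7.0 only; 2.7.1 and later carry the fix
    [ "$hv_minor" -eq 7 ] && [ "$hv_patch" -eq 0 ] && return 0
    return 1
}

# Print a verdict for one version string; exit status as haproxy_affected.
report_version() {
    haproxy_affected "$1"
    hv_rc=$?
    case $hv_rc in
        0) echo "AFFECTED: HAProxy $1 is in the CVE-2023-25950 range; upgrade to 2.6.8, 2.7.1 or later" ;;
        1) echo "not affected: HAProxy $1" ;;
        *) echo "unknown: could not parse a release version from '$1'" ;;
    esac
    return $hv_rc
}

# Usage: ./check_haproxy.sh           -> inspect the haproxy binary found in PATH
#        ./check_haproxy.sh 2.6.7     -> classify a version string by hand
if [ "$#" -gt 0 ]; then
    hv_target=$1
else
    hv_target=$(haproxy_version_from_banner "$(haproxy -v 2>/dev/null | head -n 1)")
fi
report_version "$hv_target" || :   # verdict is printed; do not abort a calling script
```

Because the script only reads the version banner, it can be run from a configuration-management job across a fleet; a non-release banner (development snapshot, vendor-rebuilt binary with a different banner) is reported as unknown rather than silently passed, which is the safer default for a patch audit.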

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP request patterns
  • Malformed request headers
  • Backend server errors for valid requests

Network Indicators:

  • HTTP requests with conflicting Content-Length and Transfer-Encoding headers
  • Abnormal request/response timing

SIEM Query:

source="haproxy.log" AND ("malformed" OR "invalid" OR "error") AND http_request

🔗 References
