WEB HAProxy h1_headers_to_hdr_list Empty Header Name Access Control Bypass (CVE-2023-25725)

Rule ID

1232442

Severity

Critical

Description

An access control bypass vulnerability has been reported in HAProxy. The vulnerability is due to improper parsing of incoming HTTP requests with empty header names.

Impact

Policy bypass

Recommendation

Update vendor's patch.

IPS Category

Buffer Overflow

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2023-25725

T1190

T0819

T0886

Keywords

N/A

Date Created

2023/03/28

Last Updated

2025/03/03

This website uses cookies to ensure you get the best experience on our website.

Learn more