VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rk4u-tzx6-rqbm

Essentials
Severities (28)
References (12)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rk4u-tzx6-rqbm
Aliases	CVE-2024-53008
Summary	Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53008.json
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2024-53008
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.3	https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2
ssvc	Track	https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2
cvssv3	5.3	https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b
ssvc	Track	https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b
cvssv3	5.3	https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71
ssvc	Track	https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71
cvssv3	5.3	https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603
ssvc	Track	https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603
cvssv3	5.3	https://jvn.jp/en/jp/JVN88385716/
ssvc	Track	https://jvn.jp/en/jp/JVN88385716/
cvssv3	5.3	https://www.haproxy.org/
ssvc	Track	https://www.haproxy.org/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53008.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-53008
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.haproxy.org/
2329284		https://bugzilla.redhat.com/show_bug.cgi?id=2329284
CVE-2024-53008		https://nvd.nist.gov/vuln/detail/CVE-2024-53008
JVN88385716		https://jvn.jp/en/jp/JVN88385716/
?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2		https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2
?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b		https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b
?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71		https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71
?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603		https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603
USN-7133-1		https://usn.ubuntu.com/7133-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53008.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://jvn.jp/en/jp/JVN88385716/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://jvn.jp/en/jp/JVN88385716/

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.haproxy.org/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T20:53:41Z/ Found at https://www.haproxy.org/

Exploit Prediction Scoring System (EPSS)

Percentile	0.3218
EPSS Score	0.00121
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:18:55.299601+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/7133-1/	36.1.3