PublicDateAtUSN: 2019-10-23 14:15:00 UTC
Candidate: CVE-2019-18277
PublicDate: 2019-10-23 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18277
 https://nathandavison.com/blog/haproxy-http-request-smuggling
 https://www.mail-archive.com/haproxy@formilux.org/msg34926.html
 https://ubuntu.com/security/notices/USN-4174-1
Description:
 A flaw was found in HAProxy before 2.0.6. In legacy mode, messages
 featuring a transfer-encoding header missing the "chunked" value were not
 being correctly rejected. The impact was limited but if combined with the
 "http-reuse always" setting, it could be used to help construct an HTTP
 request smuggling attack against a vulnerable component employing a lenient
 parser that would ignore the content-length header as soon as it saw a
 transfer-encoding one (even if not entirely valid according to the
 specification).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_haproxy:
 upstream: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
upstream_haproxy: released (2.0.6-1)
precise/esm_haproxy: DNE
trusty_haproxy: ignored (out of standard support)
trusty/esm_haproxy: DNE
xenial_haproxy: released (1.6.3-1ubuntu0.3)
esm-infra/xenial_haproxy: released (1.6.3-1ubuntu0.3)
bionic_haproxy: released (1.8.8-1ubuntu0.7)
disco_haproxy: released (1.8.19-1ubuntu1.2)
eoan_haproxy: released (2.0.5-1ubuntu0.2)
devel_haproxy: not-affected (2.0.8-1)