从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞编号:JVN#88385716 2. 漏洞名称:HAProxy vulnerable to HTTP request/response smuggling 3. 受影响的产品: - HAProxy 2.6 versions 2.6.18 and earlier - HAProxy 2.8 versions 2.8.10 and earlier - HAProxy 2.9 versions 2.9.9 and earlier - HAProxy 3.0 versions 3.0.2 and earlier 4. 描述: - HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. - When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack (CWE-444). 5. 影响: - A remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. - As a result, the attacker may obtain sensitive information. 6. 解决方案: - Update the software to the latest version according to the information provided by the developer. - The developer addressed the vulnerability in the following versions: - HAProxy version 2.6.19 - HAProxy version 2.8.11 - HAProxy version 2.9.10 - HAProxy version 3.0.3 7. 参考链接: - HAProxy - The Reliable, High Perf. TCP/HTTP Load Balancer - Repositories - haproxy-2.6.git/commit - Repositories - haproxy-2.8.git/commit - Repositories - haproxy-2.9.git/commit - Repositories - haproxy-3.0.git/commit 8. CVSS评分: - CVSS v3: 3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - Base Score: 5.3 这些信息可以帮助用户了解漏洞的详细情况、受影响的产品版本、解决方案以及相关的参考链接。