exploitDog

CVE-2021-40346

Опубликовано: 08 сент. 2021

Источник: debian

Описание

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
haproxy	fixed	2.2.16-3		package
haproxy	not-affected		buster	package
haproxy	not-affected		stretch	package

Примечания

https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95

Связанные уязвимости

CVE-2021-40346

CVSS3: 7.5

ubuntu

больше 4 лет назад

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

CVE-2021-40346

CVSS3: 7.5

redhat

больше 4 лет назад

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

CVE-2021-40346

CVSS3: 7.5

nvd

больше 4 лет назад

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

openSUSE-SU-2021:2975-1

suse-cvrf

больше 4 лет назад

Security update for haproxy

openSUSE-SU-2021:1329-1

suse-cvrf

больше 4 лет назад

Security update for haproxy