Описание
ELSA-2024-8849: haproxy security update (MODERATE)
[1.8.27-5.1]
- Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18168)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
haproxy
1.8.27-5.el8_10.1
Oracle Linux x86_64
haproxy
1.8.27-5.el8_10.1
Связанные CVE
Связанные уязвимости
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...
