CVE-2016-3711

Опубликовано: 17 мар. 2016

Источник: redhat

CVSS2: 1.9

EPSS Низкий

Описание

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]SERVERID" cookie.

An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT[namespace]_SERVERID" was set, which contained the internal IP address of a pod.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 2	haproxy	Not affected
Red Hat OpenShift Enterprise 2	haproxy15side	Not affected
Red Hat OpenShift Container Platform 3.2	nodejs-openshift-auth-proxy	Fixed	RHSA-2016:1064	12.05.2016
Red Hat OpenShift Container Platform 3.2	nodejs-proxy-addr	Fixed	RHSA-2016:1064	12.05.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1322718haproxy: Setting cookie containing internal IP address of a pod

EPSS

Процентиль: 15%

0.00048

Низкий

1.9 Low

CVSS2

Связанные уязвимости

CVE-2016-3711

CVSS3: 3.3

ubuntu

больше 9 лет назад

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

CVE-2016-3711

CVSS3: 3.3

nvd

больше 9 лет назад

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

EPSS

Процентиль: 15%

0.00048

Низкий

1.9 Low

CVSS2