Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-11469

Опубликовано: 25 мая 2018
Источник: redhat
CVSS3: 7.5

Описание

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

Отчет

Red Hat Product Security has rated this issue as having a security impact of Moderate, and a future update may address this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6haproxyNot affected
Red Hat Enterprise Linux 7haproxyNot affected
Red Hat Enterprise Linux 8haproxyNot affected
Red Hat OpenShift Enterprise 3haproxyNot affected
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-haproxy18-haproxyFixedRHSA-2019:143611.06.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSrh-haproxy18-haproxyFixedRHSA-2019:143611.06.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-haproxy18-haproxyFixedRHSA-2019:143611.06.2019
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-haproxy18-haproxyFixedRHSA-2019:143611.06.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1582635haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-11469

CVSS3: 5.9
ubuntu
больше 7 лет назад

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

nvd логотип

CVE-2018-11469

CVSS3: 5.9
nvd
больше 7 лет назад

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

debian логотип

CVE-2018-11469

CVSS3: 5.9
debian
больше 7 лет назад

Incorrect caching of responses to requests including an Authorization ...

github логотип

GHSA-2m5p-jq2g-4fw5

CVSS3: 5.9
github
больше 3 лет назад

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

fstec логотип

BDU:2019-02451

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость функции check_request_for_cacheability серверного программного обеспечения HAProxy, позволяющая нарушителю раскрыть защищаемую информацию

7.5 High

CVSS3