Description
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
Statement
This issue was introduced in HAProxy 1.9 with the Native HTTP Representation (HTX). Red Hat Enterprise Linux 6, 7, 8 and Red Hat Software Collections are not affected by this flaw, as they ship older versions of haproxy which do not include support for HTX.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | haproxy | Not affected | | |
| Red Hat Enterprise Linux 7 | haproxy | Not affected | | |
| Red Hat Enterprise Linux 8 | haproxy | Not affected | | |
| Red Hat Enterprise Linux 9 | haproxy | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | haproxy | Not affected | | |
| Red Hat Software Collections | rh-haproxy18-haproxy | Not affected | | |
| Red Hat OpenShift Container Platform 4.6 | haproxy | Fixed | RHSA-2022:1620 | 04.05.2022 |
| Red Hat OpenShift Container Platform 4.7 | haproxy | Fixed | RHSA-2022:1336 | 20.04.2022 |
| Red Hat OpenShift Container Platform 4.8 | haproxy | Fixed | RHSA-2022:1153 | 11.04.2022 |
| Red Hat OpenShift Container Platform 4.9 | haproxy | Fixed | RHSA-2022:1021 | 29.03.2022 |
Additional information
Status:
7.5 High
CVSS3