CVE-2023-45539

Опубликовано: 28 нояб. 2023

Источник: redhat

CVSS3: 5.3

Описание

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 5	haproxy	Affected
Red Hat Enterprise Linux 8	haproxy	Fixed	RHSA-2024:8849	05.11.2024
Red Hat Enterprise Linux 8.2 Advanced Update Support	haproxy	Fixed	RHSA-2024:9945	19.11.2024
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	haproxy	Fixed	RHSA-2024:10271	26.11.2024
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	haproxy	Fixed	RHSA-2024:10271	26.11.2024
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	haproxy	Fixed	RHSA-2024:10271	26.11.2024
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	haproxy	Fixed	RHSA-2024:8874	05.11.2024
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	haproxy	Fixed	RHSA-2024:8874	05.11.2024
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	haproxy	Fixed	RHSA-2024:8874	05.11.2024
Red Hat Enterprise Linux 8.8 Extended Update Support	haproxy	Fixed	RHSA-2024:10267	26.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-288

https://bugzilla.redhat.com/show_bug.cgi?id=2253037haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-45539

CVSS3: 8.2

ubuntu

больше 1 года назад

CVE-2023-45539

CVSS3: 8.2

nvd

больше 1 года назад

CVE-2023-45539

CVSS3: 8.2

debian

больше 1 года назад

HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...

SUSE-SU-2023:4647-1

suse-cvrf

больше 1 года назад

Security update for haproxy

SUSE-SU-2023:4645-1

suse-cvrf

больше 1 года назад

Security update for haproxy

5.3 Medium

CVSS3