Описание
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | released | 1.8.8-1ubuntu0.1 |
| devel | released | 1.8.9-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| esm-infra/bionic | released | 1.8.8-1ubuntu0.1 |
| esm-infra/xenial | not-affected | |
| precise/esm | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | needs-triage |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Incorrect caching of responses to requests including an Authorization ...
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Уязвимость функции check_request_for_cacheability серверного программного обеспечения HAProxy, позволяющая нарушителю раскрыть защищаемую информацию
4.3 Medium
CVSS2
5.9 Medium
CVSS3