Описание
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | |
| esm-infra/bionic | released | 1.8.8-1ubuntu0.13+esm2 |
| esm-infra/focal | not-affected | 2.0.31-0ubuntu0.3 |
| esm-infra/xenial | released | 1.6.3-1ubuntu0.3+esm1 |
| focal | released | 2.0.31-0ubuntu0.3 |
| jammy | released | 2.4.22-0ubuntu0.22.04.3 |
| lunar | released | 2.6.9-1ubuntu1.2 |
| mantic | not-affected | 2.6.15-1ubuntu2 |
| noble | not-affected |
Показывать по
EPSS
8.2 High
CVSS3
Связанные уязвимости
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...
EPSS
8.2 High
CVSS3