osv | Google | OSV:USN-5869-1
Feb 14, 2023 - 5:09 p.m.

haproxy vulnerability

2023-02-14 17:09:35
Google
osv.dev
Tags: haproxy, vulnerability, remote attacker, headers, authentication

CVSS3: 9.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 7.6 High (Confidence: Low)

EPSS: 0.003 Low (Percentile: 68.2%)

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
