Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | haproxy | < 2.4.18-1ubuntu1.2 | UNKNOWN |
Ubuntu | 22.10 | noarch | haproxy-dbgsym | < 2.4.18-1ubuntu1.2 | UNKNOWN |
Ubuntu | 22.10 | noarch | haproxy-doc | < 2.4.18-1ubuntu1.2 | UNKNOWN |
Ubuntu | 22.10 | noarch | vim-haproxy | < 2.4.18-1ubuntu1.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | haproxy | < 2.4.18-0ubuntu1.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | haproxy-dbgsym | < 2.4.18-0ubuntu1.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | haproxy-doc | < 2.4.18-0ubuntu1.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | vim-haproxy | < 2.4.18-0ubuntu1.2 | UNKNOWN |
Ubuntu | 20.04 | noarch | haproxy | < 2.0.29-0ubuntu1.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | haproxy-dbgsym | < 2.0.29-0ubuntu1.3 | UNKNOWN |