An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | haproxy | <Â 2.2.16-1 | haproxy_2.2.16-1_all.deb |
Debian | 11 | all | haproxy | <Â 2.2.9-2+deb11u1 | haproxy_2.2.9-2+deb11u1_all.deb |
Debian | 10 | all | haproxy | <Â 1.8.19-1+deb10u3 | haproxy_1.8.19-1+deb10u3_all.deb |
Debian | 999 | all | haproxy | <Â 2.2.16-1 | haproxy_2.2.16-1_all.deb |
Debian | 13 | all | haproxy | <Â 2.2.16-1 | haproxy_2.2.16-1_all.deb |