Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-18277
HistoryOct 23, 2019 - 12:00 a.m.

CVE-2019-18277

2019-10-2300:00:00
ubuntu.com
ubuntu.com
18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.013

Percentile

85.9%

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages
featuring a transfer-encoding header missing the “chunked” value were not
being correctly rejected. The impact was limited but if combined with the
“http-reuse always” setting, it could be used to help construct an HTTP
request smuggling attack against a vulnerable component employing a lenient
parser that would ignore the content-length header as soon as it saw a
transfer-encoding one (even if not entirely valid according to the
specification).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchhaproxy< 1.8.8-1ubuntu0.7UNKNOWN
ubuntu19.04noarchhaproxy< 1.8.19-1ubuntu1.2UNKNOWN
ubuntu19.10noarchhaproxy< 2.0.5-1ubuntu0.2UNKNOWN
ubuntu16.04noarchhaproxy< 1.6.3-1ubuntu0.3UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.013

Percentile

85.9%