Headline
CVE-2022-31125
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
Improper Authentication Control Leads To Access Critical Functions
Critical
Aidaho12 published GHSA-hr76-3hxp-5mm3
Jul 6, 2022
Package
Roxy-WI (Roxy-WI)
Affected versions
< 6.1.1.0
Description
Impact
A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.0.0.
Patches
In version 6.1.1
Workarounds
No
References
No
Severity
CVSS base metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Weaknesses
Related news
Roxy WI version 6.1.0.0 suffers from an improper authentication control vulnerability.