Ubuntu Security Notice USN-6530-2

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6530-2
July 23, 2024

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

HAProxy could be made to expose sensitive information.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled
URI components containing the hash character (#). A remote attacker could
possibly use this issue to obtain sensitive information, or to bypass
certain path_end rules.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  haproxy    1.8.8-1ubuntu0.13+esm2
             Available with Ubuntu Pro

Ubuntu 16.04 LTS
  haproxy    1.6.3-1ubuntu0.3+esm1
             Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6530-2
  https://ubuntu.com/security/notices/USN-6530-1
  CVE-2023-45539

Related news

Red Hat Security Advisory 2024-1142-03

Red Hat Security Advisory 2024-1142-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1089-03

Red Hat Security Advisory 2024-1089-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Debian Security Advisory 5590-1

Debian Linux Security Advisory 5590-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.

Ubuntu Security Notice USN-6530-1

Ubuntu Security Notice 6530-1 - It was discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

CVE-2023-45539: Ambiguity about how to deal with received fragments in URI from Willy Tarreau on 2023-07-27 ([email protected] from July to September 2023)

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
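
The mismatch described in the CVE text, as an added example (not code from the advisory or from HAProxy): it compares a suffix rule evaluated on a path that keeps `#` as an ordinary character with the same rule after the fragment is stripped, and lists logged requests whose target contains `#`. The suffix list, function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed suffix list for a path_end-style "static content" rule (illustrative).
STATIC_SUFFIXES = (".png", ".jpg", ".css", ".js")

# Request line inside a common-log-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2024:10:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 512',
    '192.0.2.11 - - [23/Jul/2024:10:00:02 +0000] "GET /index.html#.png HTTP/1.1" 200 2048',
    '192.0.2.12 - - [23/Jul/2024:10:00:03 +0000] "GET /docs/page.html#top HTTP/1.1" 200 900',
    '192.0.2.13 - - [23/Jul/2024:10:00:04 +0000] "GET /app/report?id=7 HTTP/1.1" 200 300',
]


def path_end_keeping_hash(target):
    """Suffix match on the path when '#' is kept as an ordinary character."""
    return target.split("?", 1)[0].endswith(STATIC_SUFFIXES)


def path_end_without_fragment(target):
    """Suffix match on the path after the fragment has been stripped."""
    return urlsplit(target).path.endswith(STATIC_SUFFIXES)


def flag_ambiguous_requests(lines):
    """Return (target, match_keeping_hash, match_without_fragment) for each
    logged request whose target contains '#'. A True/False pair means the
    two interpretations would route the request differently."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or "#" not in m.group("target"):
            continue
        target = m.group("target")
        hits.append((target, path_end_keeping_hash(target),
                     path_end_without_fragment(target)))
    return hits


if __name__ == "__main__":
    for target, keeping, stripped in flag_ambiguous_requests(SAMPLE_LOG):
        note = "interpretations disagree" if keeping != stripped else "contains '#'"
        print(f"{target}: {note}")
```
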
