Ubuntu Security Notice USN-6530-2

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6530-2
July 23, 2024

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

HAProxy could be made to expose sensitive information.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled
URI components containing the hash character (#). A remote attacker could
possibly use this issue to obtain sensitive information, or to bypass
certain path_end rules.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   haproxy                         1.8.8-1ubuntu0.13+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   haproxy                         1.6.3-1ubuntu0.3+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6530-2
   https://ubuntu.com/security/notices/USN-6530-1
   CVE-2023-45539

Related news

Red Hat Security Advisory 2024-9945-03

Red Hat Security Advisory 2024-9945-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Security Advisory 2024-8874-03

Red Hat Security Advisory 2024-8874-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-8849-03

Red Hat Security Advisory 2024-8849-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1142-03

Red Hat Security Advisory 2024-1142-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-1089-03

Red Hat Security Advisory 2024-1089-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Debian Security Advisory 5590-1

Debian Linux Security Advisory 5590-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.

Ubuntu Security Notice USN-6530-1

Ubuntu Security Notice 6530-1 - It was discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

CVE-2023-45539: Ambiguity about how to deal with received fragments in URI from Willy Tarreau on 2023-07-27 ([email protected] from July to September 2023)

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
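
To illustrate the path_end ambiguity described for CVE-2023-45539, the following added example (not code from the advisory or from HAProxy) scans access-log lines for request targets containing a raw # and reports those where a suffix rule gives a different answer before and after the fragment is dropped. The log format, the suffix list, the helper names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed log layout: the request line appears quoted, as in common access logs.
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2024:10:00:01 +0000] "GET /index.html#.png HTTP/1.1" 200 512',
    '192.0.2.11 - - [23/Jul/2024:10:00:02 +0000] "GET /img/logo.png HTTP/1.1" 200 2048',
    '192.0.2.12 - - [23/Jul/2024:10:00:03 +0000] "GET /img/logo.png#top HTTP/1.1" 200 2048',
    '192.0.2.13 - - [23/Jul/2024:10:00:04 +0000] "GET /admin/report%23.png HTTP/1.1" 404 0',
]


def path_end_matches(path, suffixes):
    """Suffix test in the spirit of an ACL such as `path_end .png`."""
    return any(path.endswith(s) for s in suffixes)


def raw_path(target):
    """Path as seen by a parser that treats '#' as ordinary path data."""
    return target.split("?", 1)[0]


def origin_path(target):
    """Path as seen by a component that drops everything from '#' onward."""
    return urlsplit(target).path


def suspicious_requests(log_lines, suffixes=(".png", ".jpg", ".css", ".js")):
    """Return targets where a raw '#' flips the suffix-rule decision."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m or "#" not in m.group("target"):
            continue  # percent-encoded %23 is not the ambiguous case
        target = m.group("target")
        proxy_view = path_end_matches(raw_path(target), suffixes)
        origin_view = path_end_matches(origin_path(target), suffixes)
        if proxy_view != origin_view:
            hits.append(target)
    return hits


if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("routing decision differs for:", target)
```
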
