CVE-2018-11469

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

History

21 Nov 2024, 03:43

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/104347 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104347 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2019:1436 - () https://access.redhat.com/errata/RHSA-2019:1436 -
References () https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06 - () https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06 -
References () https://usn.ubuntu.com/3663-1/ - Third Party Advisory () https://usn.ubuntu.com/3663-1/ - Third Party Advisory

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06', 'name': 'https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • () https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06 -

Information

Published : 2018-05-25 14:29

Updated : 2024-11-21 03:43


NVD link : CVE-2018-11469

Mitre link : CVE-2018-11469

CVE.ORG link : CVE-2018-11469


JSON object : View

Products Affected

canonical

  • ubuntu_linux

haproxy

  • haproxy
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor