CVE-2018-11469

Name of the Vulnerable Software and Affected Versions HAProxy versions 1.8.0 through 1.8.9

Description The issue is related to incorrect caching of responses to requests including an Authorization header, which allows attackers to achieve information disclosure via an unauthenticated remote request. This is connected to the check request for cacheability function in proto http.c. The vulnerability is associated with a lack of protection for service data, enabling a remote attacker to disclose protected information using an unauthenticated remote request.

Recommendations For HAProxy versions 1.8.0 through 1.8.9, consider disabling the cache functionality as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.