PT-2019-5250 · Haproxy+4 · Haproxy+4

Tim Düsterhus

·

Publicado

2019-11-25

·

Atualizado

2020-08-18

·

CVE-2019-19330

CVSS v2.0

10

Crítica

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 2.0.10
Description The issue is related to the HTTP/2 implementation in HAProxy, which mishandles headers. This can be exploited by an attacker to gain access to confidential data, disrupt data integrity, and cause a denial of service. The vulnerability is demonstrated by the improper handling of carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0).
Recommendations For HAProxy versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to prevent exploitation.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

ALT-PU-2019-3294
ALT-PU-2020-1530
BDU:2020-02041
CESA-2020_1725
CVE-2019-19330
DSA-4577-1
RHSA-2020:1287
RHSA-2020:1725
RHSA-2020:1936
RHSA-2020:2265
RHSA-2020_1725
USN-4212-1

Produtos afetados

Alt Linux
Centos
Haproxy
Red Hat
Ubuntu