CVE-2023-45539

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 2.8.2

Description The issue is related to HAProxy accepting # as part of the URI component. This could allow remote attackers to obtain sensitive information or have other unspecified impacts due to the misinterpretation of a path end rule. For example, it might route index.html#.png to a static server.

Recommendations For versions prior to 2.8.2, update to version 2.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information that could be exposed through the misinterpretation of URI components.

Fix

Authentication Bypass Using an Alternate Path or Channel

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-116

Related Identifiers

ALSA-2024:1142

ALSA-2024:8849

ALT-PU-2025-14636

AZL-32061

BDU:2024-02423

BIT-HAPROXY-2023-45539

CESA-2024_8849

CVE-2023-45539

DLA-3688-1

DSA-5590-1

INFSA-2024_1142

INFSA-2024_8849

OESA-2023-1886

OESA-2023-1918

OESA-2023-1919

RHSA-2024:10267

RHSA-2024:10271

RHSA-2024:1089

RHSA-2024:1142

RHSA-2024:4853

RHSA-2024:6412

RHSA-2024:8849

RHSA-2024:8874

RHSA-2024:9945

RHSA-2024_1142

RHSA-2024_8849

RLSA-2024:8849

SUSE-SU-2023:4645-1

SUSE-SU-2023:4646-1

SUSE-SU-2023:4647-1

SUSE-SU-2023_4645-1

SUSE-SU-2023_4647-1

SUSE-SU-2024:2377-1

USN-6530-1

USN-6530-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Haproxy

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-45539

Weakness Enumeration

Related Identifiers

Affected Products

References · 65