CVE-2023-45539

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*

History

15 Oct 2024, 18:35

Type Values Removed Values Added
CWE CWE-116

14 Dec 2023, 17:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html -

04 Dec 2023, 19:32

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.2
References () https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html - () https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html - Mailing List
References () https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 - () https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 - Broken Link
References () https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html - () https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html - Release Notes

28 Nov 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-28 20:15

Updated : 2024-10-15 18:35


NVD link : CVE-2023-45539

Mitre link : CVE-2023-45539

CVE.ORG link : CVE-2023-45539


JSON object : View

Products Affected

haproxy

  • haproxy
CWE
NVD-CWE-noinfo CWE-116

Improper Encoding or Escaping of Output