CVE-2018-11469
Summary
| CVE | CVE-2018-11469 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-25 14:29:00 UTC |
| Updated | 2023-11-07 02:51:00 UTC |
| Description | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Application | Haproxy | Haproxy | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-3663-1: HAProxy vulnerability - Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| HAProxy CVE-2018-11469 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Repositories - haproxy-1.8.git/commit | CONFIRM | git.haproxy.org | Third Party Advisory |
| Repositories - haproxy-1.8.git/commit | | git.haproxy.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.