CVE-2019-19330
Description
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.957
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| haproxy security update(DSA-4577-1) haproxy_1.8.19-1+deb10u1_i386.deb | Linux |
| haproxy security update(DSA-4577-1) haproxy_1.8.19-1+deb10u1_amd64.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_1.8.8-1ubuntu0.9_i386.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_1.8.8-1ubuntu0.9_amd64.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_2.0.5-1ubuntu0.3_i386.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_2.0.5-1ubuntu0.3_amd64.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_1.8.19-1ubuntu1.3_i386.deb | Linux |
| fast and reliable load balancing reverse proxy (USN-4212-1) haproxy_1.8.19-1ubuntu1.3_amd64.deb | Linux |
| (RHSA-2020:1725) haproxy security, bug fix, and enhancement update haproxy-1.8.23-3.el8.x86_64.rpm | Linux |
| (RHSA-2020:1725) haproxy security, bug fix, and enhancement update haproxy-debugsource-1.8.23-3.el8.x86_64.rpm | Linux |
| (CESA-2020:1725) haproxy security, bug fix, and enhancement update haproxy-1.8.23-3.el8.x86_64.rpm | Linux |
| (RHSA-2020:1725)Moderate: security, bug fix, and enhancement update haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm | Linux |
| Haproxy update (ELSA-2020-1725) haproxy-1.8.23-3.el8.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234