Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 up to and including 1.8.9 (if cache enabled) allows malicious users to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haproxy haproxy |
||
canonical ubuntu linux 18.04 |