CVE-2021-39242

Published: 17/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

Vulnerable Product

haproxy haproxy

debian debian linux 11.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling. By carefully crafting HTTP/2 requests, it is possible to smuggle another HTTP request to the backend selected by the HTTP/2 request. With certain configurations, it allows an attacker to send an HTTP requ ...
A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from this vulnerability is confidentiality (CVE-2021-3924 ...
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled ...
An issue was discovered in HAProxy before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled ...