CVE-2022-0711

Published: 02/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow a malicious user to send crafted HTTP response packets that lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is to availability.

Vulnerable Product

haproxy haproxy

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat software collections -

redhat openshift container platform 4.0

debian debian linux 11.0

Vendor Advisories

A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the "Set-Cookie2" header, which can result in an unbounded loop, causing a denial of service. For the stable distribution (bullseye), this problem has been fixed in version 229-2+deb11u3. We recommend that you upgrade yo ...
Synopsis: Important: OpenShift Container Platform 4836 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4836 is now available with updates to packages and imag ...
Synopsis: Important: OpenShift Container Platform 4926 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4926 is now available with updates to packages and imag ...
Synopsis: Important: OpenShift Container Platform 4749 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4749 is now available with updates to packages and imag ...
Synopsis: Important: OpenShift Container Platform 4657 packages and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4657 is now available with updates to pack ...
Synopsis: Moderate: OpenShift Container Platform 4657 security and extras update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4657 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2310 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2310 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a secur ...
A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability (CVE-2022-0711) ...