Published: 28/11/2023 Updated: 14/12/2023

CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9

VMScore: 0

HAProxy prior to 2.8.2 accepts # as part of the URI component, which might allow remote malicious users to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haproxy haproxy

HAProxy before 282 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing indexhtml#png to a static server (CVE-2023-45539) ...

DescriptionThe MITRE CVE dictionary describes this issue as: HAProxy before 282 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing indexhtml#png to a static server ...

NVD-CWE-noinfo https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASHAPROXY2-2024-008.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-45539

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect