HAProxy prior to 2.8.2 accepts # as part of the URI component, which might allow remote malicious users to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haproxy haproxy |