Vulnerability Description
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haproxy | Haproxy | >= 1.8.0, <= 1.8.9 |
| Canonical | Ubuntu Linux | 18.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104347 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:1436
- https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede6211
- https://usn.ubuntu.com/3663-1/ (Third Party Advisory)
FAQ
What is CVE-2018-11469?
CVE-2018-11469 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated...
How severe is CVE-2018-11469?
CVE-2018-11469 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-11469?
Check the references section above for vendor advisories and patch information. Affected products include: Haproxy Haproxy, Canonical Ubuntu Linux.