Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.8.8-1ubuntu0.13", "binary_name": "haproxy" }, { "binary_version": "1.8.8-1ubuntu0.13", "binary_name": "haproxy-dbgsym" }, { "binary_version": "1.8.8-1ubuntu0.13", "binary_name": "haproxy-doc" }, { "binary_version": "1.8.8-1ubuntu0.13", "binary_name": "vim-haproxy" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.0.29-0ubuntu1.3", "binary_name": "haproxy" }, { "binary_version": "2.0.29-0ubuntu1.3", "binary_name": "haproxy-dbgsym" }, { "binary_version": "2.0.29-0ubuntu1.3", "binary_name": "haproxy-doc" }, { "binary_version": "2.0.29-0ubuntu1.3", "binary_name": "vim-haproxy" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.4.18-0ubuntu1.2", "binary_name": "haproxy" }, { "binary_version": "2.4.18-0ubuntu1.2", "binary_name": "haproxy-dbgsym" }, { "binary_version": "2.4.18-0ubuntu1.2", "binary_name": "haproxy-doc" }, { "binary_version": "2.4.18-0ubuntu1.2", "binary_name": "vim-haproxy" } ] }