AVG-2304 log
Package | haproxy |
Status | Fixed |
Severity | Medium |
Type | insufficient validation |
Affected | 2.4.2-1 |
Fixed | 2.4.3-1 |
Current | 3.0.6-1 [extra] |
Ticket | None |
Created | Mon Aug 23 10:56:43 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-39242 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host... |
CVE-2021-39241 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a... |
CVE-2021-39240 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example,... |