AVG-2304 log
| Package | haproxy |
| Status | Fixed |
| Severity | Medium |
| Type | insufficient validation |
| Affected | 2.4.2-1 |
| Fixed | 2.4.3-1 |
| Current | 2.9.7-1 [extra] |
| Ticket | None |
| Created | Mon Aug 23 10:56:43 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-39242 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host... |
| CVE-2021-39241 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a... |
| CVE-2021-39240 | Medium | Yes | Insufficient validation | An issue was discovered in HAProxy before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example,... |