vulnerability

Amazon Linux AMI 2: CVE-2021-39242: Security patch for haproxy2 (ALASHAPROXY2-2023-005)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	08/17/2021	09/28/2023	11/26/2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

08/17/2021

Added

09/28/2023

Modified

11/26/2024

Description

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

Solution(s)

amazon-linux-ami-2-upgrade-haproxy2amazon-linux-ami-2-upgrade-haproxy2-debuginfo

References

AMAZON-AL2/ALASHAPROXY2-2023-005
CVE-2021-39242
https://attackerkb.com/topics/CVE-2021-39242

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today