vulnerability
CentOS Linux: CVE-2019-19330: Moderate: haproxy security, bug fix, and enhancement update (CESA-2020:1725)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 27, 2019 | Apr 29, 2020 | May 25, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 27, 2019
Added
Apr 29, 2020
Modified
May 25, 2023
Description
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Solution(s)
centos-upgrade-haproxycentos-upgrade-haproxy-debuginfocentos-upgrade-haproxy-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.