vulnerability
Ubuntu: (CVE-2021-39241): haproxy vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Aug 17, 2021 | Nov 19, 2024 | Mar 27, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 17, 2021
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example.
Solution
ubuntu-upgrade-haproxy
References
- CVE-2021-39241
- https://attackerkb.com/topics/CVE-2021-39241
- DEBIAN-DSA-4960
- EUVD-EUVD-2021-25603
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-25603
- https://ubuntu.com/security/notices/USN-5042-1
- https://www.cve.org/CVERecord?id=CVE-2021-39241
- https://www.mail-archive.com/[email protected]/msg41041.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.