HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.14::el8 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-28T00:00:00
Updated: 2024-08-02T20:21:16.699Z
Reserved: 2023-10-09T00:00:00
Link: CVE-2023-45539
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-28T20:15:07.817
Modified: 2023-12-14T17:15:07.860
Link: CVE-2023-45539
Redhat