HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
History

Wed, 06 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus

Tue, 15 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-116
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-28T00:00:00

Updated: 2024-10-15T17:44:03.661Z

Reserved: 2023-10-09T00:00:00

Link: CVE-2023-45539

cve-icon Vulnrichment

Updated: 2024-08-02T20:21:16.699Z

cve-icon NVD

Status : Modified

Published: 2023-11-28T20:15:07.817

Modified: 2024-10-15T18:35:08.890

Link: CVE-2023-45539

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-28T00:00:00Z

Links: CVE-2023-45539 - Bugzilla