CVE-2022-0711

Updated: 2024-11-30 02:37:25.309721

Description:

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 8.4 ELS haproxy 1.8.27-2 7.5 HIGH Not Vulnerable 2022-04-22 16:06:31
CentOS 8.5 ELS haproxy 1.8.27-2 7.5 HIGH Not Vulnerable 2022-04-22 16:06:31