Vulnerability Bulletins |
DSA-4577 haproxy - security update |
|
System information |
|
| Affected software | Debian |
Description |
|
|
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, didnot properly sanitize HTTP headers when converting from HTTP/2 toHTTP/1. This would allow a remote user to perform CRLF injections. More info: https://www.debian.org/security/2019/dsa-4577 |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2019-19330 and DSA-4577. |
Version history |
||
| Version | Comments | Date |
| 1.0 | Advisory issued | 2019-11-30 |