Vulnerabilities > CVE-2018-11469 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-824.NASL description This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed : - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the last seen 2020-06-01 modified 2020-06-02 plugin id 123348 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123348 title openSUSE Security Update : haproxy (openSUSE-2019-824) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-824. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(123348); script_version("1.2"); script_cvs_date("Date: 2020/01/30"); script_cve_id("CVE-2018-11469", "CVE-2018-14645"); script_name(english:"openSUSE Security Update : haproxy (openSUSE-2019-824)"); script_summary(english:"Check for the openSUSE-2019-824 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed : - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the 'getsock' command is only called on connections - tools: fix set_net_port() / set_host_port() on IPv4 - patterns: fix possible double free when reloading a pattern list - server: Crash when setting FQDN via CLI. - kqueue: Don't reset the changes number by accident. - snapshot: take the proxy's lock while dumping errors - http/threads: atomically increment the error snapshot ID - dns: check and link servers' resolvers right after config parsing - h2: fix risk of memory leak on malformated wrapped frames - session: fix reporting of handshake processing time in the logs - stream: use atomic increments for the request counter - thread: implement HA_ATOMIC_XADD() - ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - dns/server: fix incomatibility between SRV resolution and server state file - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - thread: lua: Wrong SSL context initialization. - hlua: Make sure we drain the output buffer when done. - lua: reset lua transaction between http requests - mux_pt: dereference the connection with care in mux_pt_wake() - lua: Bad HTTP client request duration. - unix: provide a ->drain() function - Fix spelling error in configuration doc - cli/threads: protect some server commands against concurrent operations - cli/threads: protect all 'proxy' commands against concurrent updates - lua: socket timeouts are not applied - ssl: Use consistent naming for TLS protocols - dns: explain set server ... fqdn requires resolver - map: fix map_regm with backref - ssl: loading dh param from certifile causes unpredictable error. - ssl: fix missing error loading a keytype cert from a bundle. - ssl: empty connections reported as errors. - cli: make 'show fd' thread-safe - hathreads: implement a more flexible rendez-vous point - threads: fix the no-thread case after the change to the sync point - threads: add more consistency between certain variables in no-thread case - threads: fix the double CAS implementation for ARMv7 - threads: Introduce double-width CAS on x86_64 and arm. - lua: possible CLOSE-WAIT state with '\n' headers For additional changes please refer to the changelog. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094846" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108683" ); script_set_attribute( attribute:"solution", value:"Update the affected haproxy packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11469"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-debuginfo-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-debugsource-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy / haproxy-debuginfo / haproxy-debugsource"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1229.NASL description This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed : - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the last seen 2020-06-05 modified 2018-10-24 plugin id 118344 published 2018-10-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118344 title openSUSE Security Update : haproxy (openSUSE-2018-1229) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1229. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(118344); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-11469", "CVE-2018-14645"); script_name(english:"openSUSE Security Update : haproxy (openSUSE-2018-1229)"); script_summary(english:"Check for the openSUSE-2018-1229 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed : - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the 'getsock' command is only called on connections - tools: fix set_net_port() / set_host_port() on IPv4 - patterns: fix possible double free when reloading a pattern list - server: Crash when setting FQDN via CLI. - kqueue: Don't reset the changes number by accident. - snapshot: take the proxy's lock while dumping errors - http/threads: atomically increment the error snapshot ID - dns: check and link servers' resolvers right after config parsing - h2: fix risk of memory leak on malformated wrapped frames - session: fix reporting of handshake processing time in the logs - stream: use atomic increments for the request counter - thread: implement HA_ATOMIC_XADD() - ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - dns/server: fix incomatibility between SRV resolution and server state file - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - thread: lua: Wrong SSL context initialization. - hlua: Make sure we drain the output buffer when done. - lua: reset lua transaction between http requests - mux_pt: dereference the connection with care in mux_pt_wake() - lua: Bad HTTP client request duration. - unix: provide a ->drain() function - Fix spelling error in configuration doc - cli/threads: protect some server commands against concurrent operations - cli/threads: protect all 'proxy' commands against concurrent updates - lua: socket timeouts are not applied - ssl: Use consistent naming for TLS protocols - dns: explain set server ... fqdn requires resolver - map: fix map_regm with backref - ssl: loading dh param from certifile causes unpredictable error. - ssl: fix missing error loading a keytype cert from a bundle. - ssl: empty connections reported as errors. - cli: make 'show fd' thread-safe - hathreads: implement a more flexible rendez-vous point - threads: fix the no-thread case after the change to the sync point - threads: add more consistency between certain variables in no-thread case - threads: fix the double CAS implementation for ARMv7 - threads: Introduce double-width CAS on x86_64 and arm. - lua: possible CLOSE-WAIT state with '\n' headers For additional changes please refer to the changelog. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094846" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108683" ); script_set_attribute( attribute:"solution", value:"Update the affected haproxy packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:haproxy-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-debuginfo-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"haproxy-debugsource-1.8.14~git0.52e4d43b-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy / haproxy-debuginfo / haproxy-debugsource"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3663-1.NASL description It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110262 published 2018-05-31 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110262 title Ubuntu 18.04 LTS : haproxy vulnerability (USN-3663-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3663-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(110262); script_version("1.5"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2018-11469"); script_xref(name:"USN", value:"3663-1"); script_name(english:"Ubuntu 18.04 LTS : haproxy vulnerability (USN-3663-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3663-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected haproxy package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:haproxy"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"haproxy", pkgver:"1.8.8-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-941D094624.NASL description Update to 1.8.12 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120628 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120628 title Fedora 28 : haproxy (2018-941d094624) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-941d094624. # include("compat.inc"); if (description) { script_id(120628); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-11469"); script_xref(name:"FEDORA", value:"2018-941d094624"); script_name(english:"Fedora 28 : haproxy (2018-941d094624)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.8.12 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-941d094624" ); script_set_attribute( attribute:"solution", value:"Update the affected haproxy package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:haproxy"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"haproxy-1.8.12-2.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy"); }
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.securityfocus.com/bid/104347
- http://www.securityfocus.com/bid/104347
- https://access.redhat.com/errata/RHSA-2019:1436
- https://access.redhat.com/errata/RHSA-2019:1436
- https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06
- https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06
- https://usn.ubuntu.com/3663-1/
- https://usn.ubuntu.com/3663-1/