DEBIAN-CVE-2018-11469

DEBIAN-CVE-2018-11469 PUBLISHED CVSS 5.900000095367432 MEDIUM

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

Risk Scores

CVSS 3.0

5.900000095367432

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	haproxy	0, 0, 0
Debian:13	haproxy	0, 0, 0
Debian:11	haproxy	0, 0, 0
Debian:14	haproxy	0, 0, 0

Timeline

May 25, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-11469 advisory

Open in Interactive Console →