VDB
DEBIAN-CVE-2021-39241
DEBIAN-CVE-2021-39241
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | haproxy | 0, 0, 0 |
| Debian:11 | haproxy | 0, *, 2.2.9-2 |
| Debian:14 | haproxy | 0, 0, 0 |
| Debian:13 | haproxy | 0, 0, 0 |
Timeline
- Aug 17, 2021 CVE Published
- Apr 28, 2026 CVE Updated