QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0711

Published: Mar 2, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Vendor	Product	Versions
n/a	haproxy	affected `2.5.1`

Weaknesses (CWE)

References

https://access.redhat.com/security/cve/cve-2022-0711

x_refsource_MISC

https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html

x_refsource_MISC

https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.