Denial of Service in HAProxy Due to Cookie Management Issues
CVE-2019-14241

7.5HIGH

Key Information:

Vendor: Haproxy
Status: Haproxy
Vendor: CVE Published:; 23 July 2019

What is CVE-2019-14241?

HAProxy versions prior to 2.0.2 are susceptible to a denial of service vulnerability that can be exploited via improper handling of client-side cookies in the 'htx_manage_client_side_cookies' function. This flaw can lead to an application crash, resulting in service disruptions. It is crucial for users to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

References

https://github.com/haproxy/haproxy/issues/181

x_refsource_MISC

http://www.securityfocus.com/bid/109352

vdb-entryx_refsource_BID

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Jul 23, 2019

Haproxy

What is CVE-2019-14241?

References

EPSS Score

CVSS V3.1

Timeline