Denial of Service Vulnerability in HAProxy by HAProxy Technologies
CVE-2022-0711

7.5HIGH

Key Information:

Vendor: Haproxy
Status: Haproxy
Vendor: CVE Published:; 2 March 2022

What is CVE-2022-0711?

A flaw exists in HAProxy's processing of HTTP responses containing the 'Set-Cookie2' header, which can be exploited by attackers. By sending specially crafted HTTP response packets, an attacker may create an infinite loop within the application, leading to a denial of service condition. This vulnerability impacts the availability of the service, necessitating immediate attention and potential patches to mitigate risks.

Affected Version(s)

haproxy 2.5.1

References

https://access.redhat.com/security/cve/cve-2022-0711

x_refsource_MISC

https://www.mail-archive.com/haproxy%40formilux.org/msg41...

x_refsource_MISC

https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f...

x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Feb 21, 2022

Haproxy

What is CVE-2022-0711?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline