Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2018-11469

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

Published: May 25, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-11469
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
haproxy / haproxy	1.8.0	1.8.9.x
canonical / ubuntu_linux	18.04	18.04.x

http://www.securityfocus.com/bid/104347
https://access.redhat.com/errata/RHSA-2019:1436
https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06
https://usn.ubuntu.com/3663-1/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo