CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
| Software | From | Fixed in |
|---|---|---|
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / openshift_container_platform | 4.0 | 4.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| haproxy / haproxy | 2.4.0 | 2.4.13 |
| haproxy / haproxy | 2.3.0 | 2.3.18 |
| haproxy / haproxy | 2.2.0 | 2.2.21 |
- https://access.redhat.com/security/cve/cve-2022-0711
- https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
- https://www.debian.org/security/2022/dsa-5102
- https://www.mail-archive.com/haproxy@formilux.org/msg41833.html
- https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime