Remotely Exploitable HAProxy Vuln Threatens Sensitive Data
It was discovered that the HAProxy load balancing reverse proxy incorrectly handled URI components containing the hash character (CVE-2023-45539). This vulnerability is very straightforward for a remote attacker to exploit and severely threatens impacted users’ sensitive information, making it among the worst bugs we’ve seen in a while!
How Does This Vulnerability Affect Linux Systems & What Can You Do to Stay Safe?
Because HAProxy holds over 44% of the proxy server market share, this flaw has a widespread impact on Linux users’ security. A remote attacker could easily exploit this bug to steal impacted users’ sensitive data.
An important HAProxy update has been released to mitigate this severe bug. Given the damaging repercussions this vulnerability has on impacted systems if left unpatched, we urge all affected users to apply the updates issued by Debian, Debian LTS, SUSE, and Ubuntu immediately to protect against data leakage.