CVE-2019-19330 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
haproxy	haproxy	𝑥 < 2.0.10
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
canonical	ubuntu_linux	19.10
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

haproxy

bookworm	2.6.12-1+deb12u1 fixed
bookworm (security)	2.6.12-1+deb12u1 fixed
bullseye	2.2.9-2+deb11u6 fixed
bullseye (security)	2.2.9-2+deb11u6 fixed
jessie	not-affected
sid	2.9.11-1 fixed
stretch	not-affected
trixie	2.9.11-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

haproxy

bionic	Fixed 1.8.8-1ubuntu0.9 released
disco	Fixed 1.8.19-1ubuntu1.3 released
eoan	Fixed 2.0.5-1ubuntu0.3 released
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344

https://seclists.org/bugtraq/2019/Nov/45

https://security.gentoo.org/glsa/202004-01

https://tools.ietf.org/html/rfc7540#section-10.3

https://usn.ubuntu.com/4212-1/

https://www.debian.org/security/2019/dsa-4577

https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878

https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344

https://seclists.org/bugtraq/2019/Nov/45

https://security.gentoo.org/glsa/202004-01

https://tools.ietf.org/html/rfc7540#section-10.3

https://usn.ubuntu.com/4212-1/

https://www.debian.org/security/2019/dsa-4577