A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

An update of the haproxy package has been released.

The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-001 advisory.

    A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw     could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually     resulting in a denial of service condition. The highest threat from this vulnerability is availability.
    (CVE-2022-0711)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2277-1 advisory.

  - A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This     flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop,     eventually resulting in a denial of service condition. The highest threat from this vulnerability is     availability. (CVE-2022-0711)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in the way HAProxy processed HTTP responses containing the 'Set-Cookie2' header. This     flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop,     eventually resulting in a denial of service condition. The highest threat from this vulnerability is     availability. (CVE-2022-0711)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1620 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2022:1621

    Security Fix(es):

    * haproxy: Denial of service via set-cookie2 header (CVE-2022-0711)
    * workflow-multibranch: OS command execution through crafted SCM contents     (CVE-2022-25175)
    * workflow-cps: Pipeline-related plugins follow symbolic links or do not     limit path names (CVE-2022-25176)
    * workflow-cps-global-lib: Pipeline-related plugins follow symbolic links     or do not limit path names (CVE-2022-25177)
    * workflow-cps-global-lib: Pipeline-related plugins follow symbolic links     or do not limit path names (CVE-2022-25178)
    * workflow-multibranch: Pipeline-related plugins follow symbolic links or     do not limit path names (CVE-2022-25179)
    * workflow-cps: Password parameters are included from the original build in     replayed builds (CVE-2022-25180)
    * workflow-cps: OS command execution through crafted SCM contents     (CVE-2022-25173)
    * workflow-cps-global-lib: OS command execution through crafted SCM     contents (CVE-2022-25174)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)
    * pipeline-build-step: Password parameter default values exposed     (CVE-2022-25184)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s)     listed in the References section.

    All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1336 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    See the following advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2022:1337

    Security Fix(es):

    * haproxy: Denial of service via set-cookie2 header (CVE-2022-0711)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1153 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.36. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2022:1154

    Security Fix(es):

    * haproxy: Denial of service via set-cookie2 header (CVE-2022-0711)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1021 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.26. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2022:1022

    Security Fix(es):

    * haproxy: Denial of service via set-cookie2 header (CVE-2022-0711)
    * workflow-cps: OS command execution through crafted SCM contents     (CVE-2022-25173)
    * workflow-cps-global-lib: OS command execution through crafted SCM     contents (CVE-2022-25174)
    * workflow-multibranch: OS command execution through crafted SCM contents     (CVE-2022-25175)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)
    * workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)
    * workflow-cps: Pipeline-related plugins follow symbolic links or do not     limit path names (CVE-2022-25176)
    * workflow-cps-global-lib: Pipeline-related plugins follow symbolic links     or do not limit path names (CVE-2022-25177)
    * workflow-cps-global-lib: Pipeline-related plugins follow symbolic links     or do not limit path names (CVE-2022-25178)
    * workflow-multibranch: Pipeline-related plugins follow symbolic links or     do not limit path names (CVE-2022-25179)
    * workflow-cps: Password parameters are included from the original build in     replayed builds (CVE-2022-25180)
    * pipeline-build-step: Password parameter default values exposed     (CVE-2022-25184)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5102 advisory.

  - A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This     flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop,     eventually resulting in a denial of service condition. The highest threat from this vulnerability is     availability. (CVE-2022-0711)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5312-1 advisory.

    It was discovered that HAProxy incorrectly handled certain headers. A remote attacker could possibly use     this issue to cause HAProxy to stop responding, resulting in a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203936	Photon OS 3.0: Haproxy PHSA-2022-3.0-0374	Nessus	PhotonOS Local Security Checks	high
203283	Photon OS 4.0: Haproxy PHSA-2022-4.0-0167	Nessus	PhotonOS Local Security Checks	high
182003	Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-001)	Nessus	Amazon Linux Local Security Checks	high
162937	SUSE SLES15 Security Update : haproxy (SUSE-SU-2022:2277-1)	Nessus	SuSE Local Security Checks	high
162262	EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2022-1866)	Nessus	Huawei Local Security Checks	high
162247	EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2022-1842)	Nessus	Huawei Local Security Checks	high
161860	EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2022-1806)	Nessus	Huawei Local Security Checks	high
161858	EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2022-1789)	Nessus	Huawei Local Security Checks	high
160512	RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)	Nessus	Red Hat Local Security Checks	high
160020	RHEL 7 / 8 : OpenShift Container Platform 4.7.49 (RHSA-2022:1336)	Nessus	Red Hat Local Security Checks	high
159660	RHEL 8 : OpenShift Container Platform 4.8.36 (RHSA-2022:1153)	Nessus	Red Hat Local Security Checks	high
159296	RHEL 8 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)	Nessus	Red Hat Local Security Checks	high
158899	Debian DSA-5102-1 : haproxy - security update	Nessus	Debian Local Security Checks	high
158573	Ubuntu 20.04 LTS : HAProxy vulnerability (USN-5312-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2022-0711

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high