Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2023-45539 CVE-2017-14189 |
CWE-ID | CWE-20 CWE-287 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system haproxy (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU83902
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45539
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input when processing the "#" character in the URI. A remote attacker can pass specially crafted URI to the application and view otherwise restricted file or potentially manipulate data.
Update the affected package haproxy to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 18.04
haproxy (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6530-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9506
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14189
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in web UI of Fortinet FortiWebManager. A remote attacker can login as administrator with arbitrary password.
Update the affected package haproxy to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 18.04
haproxy (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6530-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.