CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header

Since the "Set-Cookie2" header is used for session-management purposes on a web application, an attacker could exploit this vulnerability during a targeted/malicious session. If exploited in a low-severity fashion (e.g. session hijacking), an attacker could also cause a high-severity denial of service condition due to the server being flooded with HTTP requests. A full CVE analysis has been posted here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-0261 --------------------------- 6.3 CVE analysis - Nginx NGINX was found to be vulnerable to a "stack exhaustion" condition in the context of handling HTTP request responses. In certain conditions where an attacker is able to inject large amounts of traffic into NGINX, the web server could run out of memory, resulting in a denial of service condition. The highest threat from this vulnerability is availability.

6.3.1 CVE-2017-0262

Nginx was found to be vulnerable to a denial of service condition in the context of handling HTTP request requests. An attacker could exploit this vulnerability by injecting large amounts of traffic into NGINX, causing it to run out of memory and resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Summary

An attacker could exploit this vulnerability in a low-severity fashion to hijack a session, or in a high-severity manner to cause the web server to run out of memory.

1.1 Vulnerability summary

Nginx was found to be vulnerable to a "stack exhaustion" condition in the context of handling HTTP request responses. In certain conditions where an attacker is able to inject large amounts of traffic into NGINX, the web server could run out of memory, resulting in a denial of service condition. The highest threat from this vulnerability is availability.
1.2 Technical description
Nginx was found to be vulnerable to a "stack exhaustion" condition in the context of handling HTTP request responses. In certain conditions where an attacker is able to inject large amounts of traffic into NGINX, the web server could run out of memory, resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Low-severity vulnerability - Denial of Service condition

It is likely that a low-severity denial of service condition will occur as a result of the vulnerability, but it is not known what impact this will have on availability.

Timeline

Published on: 03/02/2022 22:15:00 UTC
Last modified on: 07/21/2022 12:30:00 UTC

References

• https://access.redhat.com/security/cve/cve-2022-0711
• https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
• https://www.mail-archive.com/haproxy@formilux.org/msg41833.html
• https://www.debian.org/security/2022/dsa-5102
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0711