Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-39241

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2021-39241


Contact Us

Shodan ® - All rights reserved