← back
CVE-2024-49214

CVE-2024-49214

CVSS 5.3 MEDIUMEPSS 0.5%CWE-290
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46https://www.haproxy.org/download/2.9/src/CHANGELOGhttps://www.haproxy.org/download/3.0/src/CHANGELOGhttps://www.haproxy.org/download/3.1/src/CHANGELOGhttps://www.mail-archive.com/haproxy%40formilux.org/msg45291.htmlhttps://www.mail-archive.com/haproxy%40formilux.org/msg45314.htmlhttps://www.mail-archive.com/haproxy%40formilux.org/msg45315.html