Unrestricted access to Haproxy Data Plane API - Vulnerability Database

Unrestricted access to Haproxy Data Plane API

Description

The Haproxy provides Data Plane API for accessing various information and configuring it. Invicti determined that it was possible to access this API without authentication or using weak/known login and password.

Remediation

Restrict access to the Haproxy Data Plane API interface

References

Data Plane API Installation

Related Vulnerabilities

Severity

High

Classification

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N