What is CVE-2019-19330?

CVE-2019-19330 is a vulnerability in the HTTP/2 implementation in HAProxy before version 2.0.10 that mishandles headers, allowing for Intermediary Encapsulation Attacks.

How severe is CVE-2019-19330?

CVE-2019-19330 is considered critical with a severity value of 9.8.

Which versions of HAProxy are affected by CVE-2019-19330?

HAProxy versions 1.8.19-1+deb10u3, 1.8.19-1+deb10u4, 2.2.9-2+deb11u5, 2.6.12-1, and 2.6.15-1 are affected by CVE-2019-19330.

How can I fix CVE-2019-19330?

To fix CVE-2019-19330, you should update HAProxy to version 2.0.10.

Where can I find more information about CVE-2019-19330?

You can find more information about CVE-2019-19330 at the following references: [Reference 1](https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344), [Reference 2](https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878), [Reference 3](https://security-tracker.debian.org/tracker/CVE-2019-19330).

Vulnerability/
CVE-2019-19330

critical

9.8

CWE

27/11/2019

5/8/2024

CVE-2019-19330

First published: Wed Nov 27 2019(Updated: )

Last updated 24 July 2024

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Haproxy Haproxy	<2.0.10
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
Debian Debian Linux	=10.0
redhat/haproxy	<2.0.10	2.0.10
redhat/haproxy	<1.8.23	1.8.23
debian/haproxy		2.2.9-2+deb11u6 2.6.12-1+deb12u1 2.9.11-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-19330?
CVE-2019-19330 is a vulnerability in the HTTP/2 implementation in HAProxy before version 2.0.10 that mishandles headers, allowing for Intermediary Encapsulation Attacks.
How severe is CVE-2019-19330?
CVE-2019-19330 is considered critical with a severity value of 9.8.
Which versions of HAProxy are affected by CVE-2019-19330?
HAProxy versions 1.8.19-1+deb10u3, 1.8.19-1+deb10u4, 2.2.9-2+deb11u5, 2.6.12-1, and 2.6.15-1 are affected by CVE-2019-19330.
How can I fix CVE-2019-19330?
To fix CVE-2019-19330, you should update HAProxy to version 2.0.10.
Where can I find more information about CVE-2019-19330?
You can find more information about CVE-2019-19330 at the following references: [Reference 1](https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344), [Reference 2](https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878), [Reference 3](https://security-tracker.debian.org/tracker/CVE-2019-19330).

collector/nvd-index
agent/type
agent/severity
agent/remedy
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-19330
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/first-publish-date
agent/description
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/author
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/haproxy
canonical/haproxy haproxy
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/redhat
package-manager/debian

CVE-2019-19330

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-19330?

How severe is CVE-2019-19330?

Which versions of HAProxy are affected by CVE-2019-19330?

How can I fix CVE-2019-19330?

Where can I find more information about CVE-2019-19330?

Company

Resources

Contact