Comment 0 for bug 1118160
Revision history for this message
| Jesse Pretorius (jesse-pretorius) wrote HAProxy Secure / HttpOnly Flag Cookie Weakness | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
HAProxy contains a weakness due to not supporting certain security-related flags for cookies. By not supporting the 'Secure' or 'HttpOnly' cookies, applications behind the proxy become more susceptible to cookie stealing attacks.
The solution is to upgrade to version 1.5-DEV11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Please work on updating the Ubuntu packages to v1.5 asap.