Comment 0 for bug 1118160

Jesse Pretorius (jesse-pretorius) wrote : HAProxy Secure / HttpOnly Flag Cookie Weakness

HAProxy contains a weakness due to not supporting certain security-related flags for cookies. By not supporting the 'Secure' or 'HttpOnly' cookies, applications behind the proxy become more susceptible to cookie stealing attacks.

The solution is to upgrade to version 1.5-DEV11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Please work on updating the Ubuntu packages to v1.5 ASAP.
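
A client-side check for the two flags this report discusses, run over the response headers seen through the proxy. This is an added example, not part of the original comment or of HAProxy; the cookie names and header values are constructed for illustration.

```python
# Audit Set-Cookie response headers for the Secure and HttpOnly attributes.
# SAMPLE_HEADERS is constructed sample data, not captured traffic.

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes are case-insensitive and may or may not carry a value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers, https=True):
    """Return {cookie name: [missing flags]} for cookies lacking a flag.

    headers is a list of (name, value) pairs so that repeated Set-Cookie
    headers are preserved. Secure is only expected when the site is served
    over HTTPS (https=True).
    """
    findings = {}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if https and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings[name] = missing
    return findings


SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SERVERID=web1; path=/"),                     # no flags
    ("Set-Cookie", "SESSION=abc123; Path=/; HttpOnly; Secure"),  # both flags
    ("set-cookie", "PREF=dark; path=/; httponly"),               # Secure missing
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```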