Description
HAProxy provides a Data Plane API for reading various information about the load balancer and for configuring it. Acunetix determined that it was possible to access this API without authentication or with a weak/known login and password.
Remediation
Restrict access to the HAProxy Data Plane API interface.
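One way to check a deployment against this finding is to audit the configuration offline. The script below is an added example, not Acunetix or HAProxy code. It assumes the Data Plane API is started from a `program` section of haproxy.cfg with the `--host` and `--userlist` flags and that its users live in a `userlist` section; the sample configuration and all names in it are constructed.

```python
import ipaddress

# Constructed haproxy.cfg fragment for the demo; names and values are made up.
SAMPLE_CFG = """\
userlist dataplane-users
    user admin insecure-password adminpwd
    user ops password $6$constructedsalt$constructedhash

program api
    command /usr/local/bin/dataplaneapi --host 0.0.0.0 --port 5555 --userlist dataplane-users
"""
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist", "program"}

def flag_value(args, name):
    """Return the value of '--name value' or '--name=value', or None if absent."""
    for i, arg in enumerate(args):
        if arg == name and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
    return None

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname: cannot be shown to be loopback-only
        return False

def audit_dataplane(cfg_text):
    """Return findings about Data Plane API exposure and stored credentials."""
    users, commands, section = {}, [], []
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words
        elif section[:1] == ["userlist"] and len(section) > 1 and words[0] == "user" and len(words) >= 3:
            users.setdefault(section[1], []).append((words[1], words[2]))
        elif section[:1] == ["program"] and words[:1] == ["command"] and len(words) > 1 and "dataplaneapi" in words[1]:
            commands.append(words[2:])
    findings = []
    for args in commands:
        host, ulist = flag_value(args, "--host"), flag_value(args, "--userlist")
        if host and not is_loopback(host):
            findings.append(f"listens on {host}: bind to loopback or filter the port")
        if ulist and ulist not in users:
            findings.append(f"userlist {ulist} is not defined in this file")
        findings += [f"user {n}: cleartext password in haproxy.cfg"
                     for n, kind in users.get(ulist, []) if kind == "insecure-password"]
    return findings
```

Run `audit_dataplane(open("/etc/haproxy/haproxy.cfg").read())` on the load balancer host; an empty list means none of these three conditions was found, not that the API is unreachable from the network.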