Description
The Haproxy provides Data Plane API for accessing various information and configuring it. Acunetix determined that it was possible to access this API without authentication or using weak/known login and password.
Remediation
Restrict access to the Haproxy Data Plane API interface
References
Related Vulnerabilities
Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.10)
WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)