EulerOS 2.0 SP13 : haproxy (EulerOS-SA-2026-1211)

🗓️ 02 Feb 2026 00:00:00Reported by TenableType

EulerOS 2.0 SP13 haproxy vulnerable to denial of service via crafted data (CVE-2025-11230).

Reporter	Title	Published	Views	Family All 139
Tenable Nessus	Alibaba Cloud Linux 3 : 0186: haproxy (ALINUX3-SA-2025:0186)	22 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : haproxy (ALSA-2025:21691)	25 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : haproxy (ALSA-2025:21693)	19 Nov 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-11230)	22 Jan 202600:00	–	nessus
Tenable Nessus	Debian dsa-6017 : haproxy - security update	3 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : haproxy (EulerOS-SA-2026-1069)	15 Jan 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : haproxy (EulerOS-SA-2026-1089)	15 Jan 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : haproxy (EulerOS-SA-2026-1223)	2 Feb 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)	17 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1608)	16 Mar 202600:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(297609);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-11230");
  script_xref(name:"IAVB", value:"2025-B-0166-S");

  script_name(english:"EulerOS 2.0 SP13 : haproxy (EulerOS-SA-2026-1211)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

    Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service
    via specially crafted JSON requests.(CVE-2025-11230)

Tenable has extracted the preceding description block directly from the EulerOS haproxy security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-1211
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cf9e9dda");
  script_set_attribute(attribute:"solution", value:
"Update the affected haproxy packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-11230");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:haproxy");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP13");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(13)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP13");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP13", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "haproxy-2.6.6-8.h10.eulerosv2r13"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"13", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy");
}

30 Apr 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.00468

SSVC