3 matches found
ROS-20241023-01
A vulnerability in the HAProxy server software is related to the opening of a 0-RTT session with a spoofed IP address. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the the functionality of the allowed/blocked IP address list...
CVE-2024-49214
A flaw was found in HAProxy's QUIC listener. This vulnerability can allow an attacker to bypass the IP allow/block list via a spoofed IP address in a 0-RTT session. The attacker could exploit this by obtaining a TLS session ticket using their real IP, then initiating a 0-RTT session with a spoofe...
CVE-2024-49214
The CVE-2024-49214 issue affects HAProxy QUIC handling. Affected: HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11. Root cause: insufficient validation enables opening a 0-RTT session with a spoofed IP, bypassing IP allow/block lists. Impact: potential unauthorized acces...