18 matches found
Astra Linux - уязвимость в haproxy
HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...
CLSA-2025-1736503350 haproxy: Fix of CVE-2023-40225
CVE-2023-40225: Fix forward empty Content-Length headers issue...
RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
MGASA-2023-0320 Updated haproxy packages fix security vulnerability
Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8 Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates. Use a check script to have config check result in error log on failure. Fix...
OESA-2023-1541 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: HAProxy through...
Medium: haproxy
Issue Overview: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind...
HAProxy through 2.0.32 2.1.x and 2.2.x through 2.2.30 2.3.x and 2.4.x through 2.4.23 2.5.x and 2.6.x before 2.6.15 2.7.x before 2.7.10 and 2.8.x before 2.8.2 forwards empty Content-Length headers violating RFC 9110 section 8.6. In uncommon cases an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
...
USN-6294-2 haproxy vulnerability
USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...
USN-6294-1 haproxy vulnerability
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions...
SUSE CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...
DEBIAN-CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...
UBUNTU-CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...