5 matches found
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-002)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2HAPROXY2-2023-002 advisory. An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missi...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2645)
The remote host is missing an update for the Huawei EulerOS...
Information Disclosure
haproxy is vulnerable to an Information Disclosure. The vulnerability occurs because GitLab does not properly sanitize the FCGI_BEGIN_REQUEST record. An attacker can exploit this vulnerability by sending a malicious request to GitLab that contains a crafted FCGI_BEGIN_REQUEST record. This will cause...
Debian DSA-5388-1 : haproxy - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5388 advisory. It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. ...
CVE-2023-0836
A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEGIN_REQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...