Lucene search
K

188 matches found

UbuntuCve
UbuntuCve
added 2023/04/11 12:0 a.m.39 views

CVE-2023-25950

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...

7.3CVSS6.9AI score0.02942EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/11 12:0 a.m.8 views

CVE-2023-25950

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...

7AI score0.02942EPSS
Exploits0References3
OSV
OSV
added 2023/04/03 1:9 p.m.7 views

USN-5994-1 haproxy vulnerability

It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...

7.5CVSS5.8AI score0.01201EPSS
Exploits0References2
OSV
OSV
added 2023/03/29 12:0 a.m.7 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...

7.5CVSS7.3AI score0.01201EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

HAProxy 安全漏洞

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of levels of connections with high efficiency and stability. A security vulnerability exists in HAProxy. An attacker...

7.5CVSS7.1AI score0.01201EPSS
Exploits0References5
OSV
OSV
added 2023/03/27 12:0 a.m.5 views

UBUNTU-CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...

7.5CVSS5.9AI score0.01201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.5 views

CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

6.3AI score0.01834EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2023/02/20 8:0 a.m.4 views

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31.

...

9.1CVSS7.5AI score0.05493EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.3 views

SUSE CVE-2015-3281

The bufferslowrealign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information uninitialized memory contents of previous requests via a crafted request...

5CVSS6AI score0.04274EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.5 views

SUSE CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFTnamespaceSERVERID" cookie...

3.3CVSS6.6AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-20102

An out-of-bounds read in dnsvalidatednsresponse in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...

6.5CVSS8AI score0.04347EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-20103

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

7.5CVSS7.8AI score0.06593EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.6 views

SUSE CVE-2019-8953

The HAProxy package before 0.5916 for pfSense has XSS via the desc aka Description or tableactionsaclN parameter, related to haproxylisteners.php and haproxylistenersedit.php...

6.1CVSS6.2AI score0.52236EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-39240

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...

7.5CVSS7AI score0.02319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.2 views

SUSE CVE-2021-39242

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled...

7.5CVSS6.9AI score0.02341EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.2 views

SUSE CVE-2021-40346

An integer overflow exists in HAProxy 2.0 through 2.5 in htxaddheader that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs...

7.5CVSS8.8AI score0.57934EPSS
Exploits6References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.3 views

SUSE CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.3CVSS7.7AI score0.05493EPSS
Exploits0References10
OSV
OSV
added 2023/02/14 7:15 p.m.2 views

DEBIAN-CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1CVSS7.7AI score0.05493EPSS
Exploits0References1
OSV
OSV
added 2023/02/14 5:9 p.m.7 views

USN-5869-1 haproxy vulnerability

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions...

9.1CVSS7.2AI score0.05493EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/14 12:0 a.m.3 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.2AI score0.05493EPSS
Exploits0References6
Rows per page
Query Builder