188 matches found
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
Haproxy 资源管理错误漏洞
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems from...
USN-5819-1 haproxy vulnerability
It was discovered that HAProxy incorrectly handled certain messages. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service...
UBUNTU-CVE-2023-0056
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...
The vulnerability of the server software HAProxy, related to deficiencies in handling exceptional states, allows a perpetrator to compromise data integrity.
The vulnerability of the server software HAProxy is related to deficiencies in handling exceptional states. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...
CVE-2021-4047
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9...
Denial Of Service (DoS)
haproxy is vulnerable to denial of service. The vulnerability exists due to a remote infinite loop via Set-Cookie2 header...
haproxy: request smuggling attack or response splitting via duplicate content-length header
Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...
haproxy: request smuggling attack or response splitting via duplicate content-length header
Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...
haproxy: does not ensure that the scheme and path portions of a URI have the expected characters
A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...
Privilege Escalation
HAProxy is vulnerable to privilege escalation. The vulnerability exists due to a flaw in HTTP method name that when it contains a space followed by the name of a protected resource, it is possible that a server would interpret this as a request for that protected resource, such as in the "GET...
Authorization Bypass
haproxy is vulnerable to authorization bypass. Lack of validation of the HTTP Host header could potentially result in bypass of access controls due to a mishandling of the Host and authority...
Insecure URL Path
HAProxy has insecure path. The vulnerability exists due to the system not ensuring that the scheme and path portions of a URI have the expected characters...
USN-5042-1 haproxy vulnerabilities
It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...
Haproxy HAProxy 安全漏洞
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems fro...
Haproxy HAProxy 安全漏洞
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides Layer 4 and Layer 7 proxies and can support tens of thousands of connection levels with high efficiency and stability. A security vulnerability exists in HAProxy, which...
The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.
The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Security Bulletin: HAProxy vulnerability CVE-2019-19330 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
Summary HAProxy vulnerability CVE-2019-19330 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer...
The vulnerability of the `dns_validate_dns_response` function in the `dns.c` component of the HAProxy network software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the dnsvalidatednsresponse function in the dns.c component of the HAProxy network software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to...