Lucene search
K

188 matches found

Vulnrichment
Vulnrichment
added 2023/02/14 12:0 a.m.3 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.2AI score0.05493EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/24 12:0 a.m.2 views

Haproxy 资源管理错误漏洞

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems from...

6.5CVSS6AI score0.01834EPSS
Exploits0References5
OSV
OSV
added 2023/01/23 2:21 p.m.4 views

USN-5819-1 haproxy vulnerability

It was discovered that HAProxy incorrectly handled certain messages. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service...

6.5CVSS6.9AI score0.01834EPSS
Exploits0References2
OSV
OSV
added 2023/01/18 12:0 a.m.1 views

UBUNTU-CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

6.5CVSS6.9AI score0.01834EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/11/22 12:0 a.m.7 views

The vulnerability of the server software HAProxy, related to deficiencies in handling exceptional states, allows a perpetrator to compromise data integrity.

The vulnerability of the server software HAProxy is related to deficiencies in handling exceptional states. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

7.8CVSS7.2AI score0.02341EPSS
Exploits0References8Affected Software3
NCSC
NCSC
added 2022/04/13 12:0 a.m.3 views

Vulnerability fixed in HAProxy

A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...

7.5CVSS6.8AI score0.16563EPSS
Exploits0
OSV
OSV
added 2022/04/11 8:15 p.m.3 views

CVE-2021-4047

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9...

7.5CVSS7.1AI score0.00897EPSS
Exploits0References1
Veracode
Veracode
added 2022/03/08 6:15 p.m.25 views

Denial Of Service (DoS)

haproxy is vulnerable to denial of service. The vulnerability exists due to a remote infinite loop via Set-Cookie2 header...

7.5CVSS2AI score0.16563EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2022/01/19 1:25 p.m.3 views

haproxy: request smuggling attack or response splitting via duplicate content-length header

Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...

7.5CVSS5.8AI score0.57934EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2021/11/10 8:49 p.m.2 views

haproxy: request smuggling attack or response splitting via duplicate content-length header

Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...

7.5CVSS5.8AI score0.57934EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2021/11/10 8:49 p.m.8 views

haproxy: does not ensure that the scheme and path portions of a URI have the expected characters

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

7.5CVSS5.8AI score0.02319EPSS
Exploits0References4
Veracode
Veracode
added 2021/08/20 3:42 a.m.5 views

Privilege Escalation

HAProxy is vulnerable to privilege escalation. The vulnerability exists due to a flaw in HTTP method name that when it contains a space followed by the name of a protected resource, it is possible that a server would interpret this as a request for that protected resource, such as in the "GET...

5.3CVSS6.5AI score0.0177EPSS
Exploits0References10Affected Software8
Veracode
Veracode
added 2021/08/20 3:41 a.m.8 views

Authorization Bypass

haproxy is vulnerable to authorization bypass. Lack of validation of the HTTP Host header could potentially result in bypass of access controls due to a mishandling of the Host and authority...

7.5CVSS6.5AI score0.02341EPSS
Exploits0References10Affected Software7
Veracode
Veracode
added 2021/08/20 3:39 a.m.8 views

Insecure URL Path

HAProxy has insecure path. The vulnerability exists due to the system not ensuring that the scheme and path portions of a URI have the expected characters...

7.5CVSS6.5AI score0.02319EPSS
Exploits0References12Affected Software7
OSV
OSV
added 2021/08/17 5:1 p.m.4 views

USN-5042-1 haproxy vulnerabilities

It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...

5.3CVSS6AI score0.0177EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/17 12:0 a.m.4 views

Haproxy HAProxy 安全漏洞

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems fro...

5.3CVSS5.6AI score0.0177EPSS
Exploits0References22
CNNVD
CNNVD
added 2021/08/17 12:0 a.m.4 views

Haproxy HAProxy 安全漏洞

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides Layer 4 and Layer 7 proxies and can support tens of thousands of connection levels with high efficiency and stability. A security vulnerability exists in HAProxy, which...

7.5CVSS7.2AI score0.02341EPSS
Exploits0References14
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.8 views

The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.

The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.5CVSS7AI score0.03009EPSS
Exploits0References6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/10 11:19 p.m.36 views

Security Bulletin: HAProxy vulnerability CVE-2019-19330 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0

Summary HAProxy vulnerability CVE-2019-19330 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer...

9.8CVSS2.6AI score0.03955EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/15 12:0 a.m.4 views

The vulnerability of the `dns_validate_dns_response` function in the `dns.c` component of the HAProxy network software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the dnsvalidatednsresponse function in the dns.c component of the HAProxy network software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to...

5CVSS6.7AI score0.04347EPSS
Exploits0References13Affected Software7
Rows per page
Query Builder