14 matches found
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2024-008)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2024-008 advisory. HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive...
Medium: haproxy2
Issue Overview: HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. CVE-2023-45539 Affected...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-005)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2HAPROXY2-2023-005 advisory. A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensur...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-003)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-003 advisory. HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-006)
The version of haproxy2 installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-006 advisory. In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-004)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-004 advisory. The HAProxy GitHub issue describes this vulnerability as follows: Crash SEGV in http_wait_for_response in 2.2.19, 2.2.24, and...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-007)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-007 advisory. HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-001)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-001 advisory. A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-002)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2HAPROXY2-2023-002 advisory. An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missi...
Important: haproxy2
Issue Overview: HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and...
Important: haproxy2
Issue Overview: A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from th...
Important: haproxy2
Issue Overview: An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer,...
Medium: haproxy2
Issue Overview: The HAProxy GitHub issue describes this vulnerability as follows: Crash SEGV in http_wait_for_response in 2.2.19, 2.2.24, and 2.2.26 because sl start line variable is NULL. CVE-2023-0056 Affected Packages: haproxy2 Note: This advisory is applicable to Amazon Linux 2 - Haproxy2 Extra...
Medium: haproxy2
Issue Overview: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind...