1990 matches found
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
[SECURITY] [DSA 5348-1] haproxy security update
Debian Security Advisory DSA-5348-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2023 https://www.debian.org/security/faq ...
SUSE-SU-2023:0413-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response() (bsc#1207181)...
SUSE-SU-2023:0412-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response() (bsc#1207181)...
SUSE-SU-2023:0411-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - Fixed an issue where sensitive data might leak to the backend...
codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS)...
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
HAProxy Security Vulnerability
HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides layer 4 and layer 7 proxying and can support tens of thousands of connections with high efficiency and stability. A security vulnerability exists in HAProxy versions prio...
DLA-3318-1 haproxy - security update
Bulletin has no description...
PT-2023-1389
Name of the Vulnerable Software and Affected Versions: HAProxy versions prior to 2.7.3; HAProxy versions prior to 2.6.9; HAProxy versions prior to 2.5.12; HAProxy versions prior to 2.4.22; HAProxy versions prior to 2.2.29; HAProxy versions prior to 2.0.31. Description: The issue is related to the handlin...
CVE-2023-25725
HAProxy URL: CVE-2023-25725 affects HAProxy with HTTP/1 header parsing issues that may allow bypassing access control via request smuggling. The root cause is that the HTTP header parsers can accept empty header field names, potentially truncating the header list and causing headers to disappear ...
DSA-5348-1 haproxy - security update
Bulletin has no description...
Low: Red Hat Security Advisory: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update
An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.3 fixes a security bug, introduces multiple new features, and upgrades underlying Pulp to a Long Term Support (LTS) version. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that...
codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS)...
SUSE-SU-2023:0153-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame (bsc#1207181)...
SUSE SLES15 / openSUSE 15 Security Update : haproxy (SUSE-SU-2023:0153-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0153-1 advisory. - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could...
Denial Of Service (DoS)
haproxy is vulnerable to Denial of Service (DoS) attacks. A remote attacker is able to cause the server to stop responding, which results in denial of service conditions due to incorrect handling of certain messages...
HAProxy Resource Management Error Vulnerability
HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides layer 4 and layer 7 proxying and can support tens of thousands of connections with high efficiency and stability. HAProxy has a security vulnerability that stems from...