
1990 matches found

The Hacker News
added 2021/09/08 12:33 p.m. | 126 views

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively...

CVSS 7.5 | AI score 7.8 | EPSS 0.92378
Exploits: 5

Ubuntu
added 2021/09/08 11:6 a.m. | 109 views

USN-5063-1: HAProxy vulnerabilities

Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks...

CVSS 7.5 | AI score 7.8 | EPSS 0.92378
Exploits: 5

OSV
added 2021/09/08 11:6 a.m. | 1 views

USN-5063-1 haproxy vulnerabilities

Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks...

CVSS 7.5 | AI score 7.3 | EPSS 0.92378
Exploits: 5 | References: 2

Tenable Nessus
added 2021/09/08 12:0 a.m. | 33 views

openSUSE 15 Security Update : haproxy (openSUSE-SU-2021:2975-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:2975-1 advisory. - An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing ...

CVSS 7.5 | AI score 8 | EPSS 0.92378
Exploits: 5 | References: 4

Tenable Nessus
added 2021/09/08 12:0 a.m. | 30 views

Debian DSA-4968-1 : haproxy - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-4968 advisory. Ori Hollander reported that missing header name length checks in the htx_add_header and htx_add_trailer functions in HAProxy, a fast and reliable load balancing reverse proxy,...

CVSS 7.5 | AI score 7.7 | EPSS 0.92378
Exploits: 5 | References: 5

CNNVD
added 2021/09/08 12:0 a.m. | 1 views

Haproxy HAProxy input validation error vulnerability

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. HAProxy suffers from an input validation error vulnerability, which stems from a lack of header name length checking in the htx_add_header and htx_add_trailer functions in HAProxy, and can be exploited by an...

CVSS 7.5 | AI score 5.6 | EPSS 0.92378
Exploits: 5 | References: 31

Tenable Nessus
added 2021/09/08 12:0 a.m. | 26 views

Ubuntu 20.04 LTS : HAProxy vulnerabilities (USN-5063-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5063-1 advisory. Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate...

CVSS 7.5 | AI score 7.9 | EPSS 0.92378
Exploits: 5 | References: 2

Tenable Nessus
added 2021/09/08 12:0 a.m. | 27 views

SUSE SLES15 Security Update : haproxy (SUSE-SU-2021:2975-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2975-1 advisory. - An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an...

CVSS 7.5 | AI score 8 | EPSS 0.92378
Exploits: 5 | References: 4

OpenVAS
added 2021/09/08 12:0 a.m. | 12 views

openSUSE: Security Advisory for haproxy (openSUSE-SU-2021:2975-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.8 | EPSS 0.92378
Exploits: 5 | References: 2

Debian
added 2021/09/07 8:58 p.m. | 32 views

[SECURITY] [DSA 4968-1] haproxy security update

Debian Security Advisory DSA-4968-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2021 https://www.debian.org/security/faq -...

CVSS 5 | AI score 0.9 | EPSS 0.92378
Exploits: 5

Debian
added 2021/09/07 8:58 p.m. | 50 views

[SECURITY] [DSA 4968-1] haproxy security update

Debian Security Advisory DSA-4968-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2021 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.6 | EPSS 0.92378
Exploits: 5

OSV
added 2021/09/07 7:8 p.m. | 8 views

OPENSUSE-SU-2021:2975-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX bsc1189877...

CVSS 7.5 | AI score 7.7 | EPSS 0.92378
Exploits: 5 | References: 3

OSV
added 2021/09/07 7:8 p.m. | 6 views

SUSE-SU-2021:2975-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX bsc1189877...

CVSS 7.5 | AI score 7.5 | EPSS 0.92378
Exploits: 5 | References: 3

OSV
added 2021/09/07 3:0 p.m. | 0 views

UBUNTU-CVE-2021-40346

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs...

CVSS 7.5 | AI score 7.3 | EPSS 0.92378
Exploits: 5 | References: 4

UbuntuCve
added 2021/09/07 3:0 p.m. | 31 views

CVE-2021-40346

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs...

CVSS 7.5 | AI score 7.3 | EPSS 0.92378
Exploits: 5 | References: 3

OSV
added 2021/09/07 12:0 a.m. | 30 views

DSA-4968-1 haproxy - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.6 | EPSS 0.92378
Exploits: 5

OPENSUSE Linux
added 2021/09/07 12:0 a.m. | 53 views

Security update for haproxy (moderate)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2021:2975-1 Rating: moderate References: 1189877 Cross-References: CVE-2021-40346 CVSS scores: CVE-2021-40346 SUSE: 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 An update...

CVSS 5.4 | AI score 7.6 | EPSS 0.92378
Exploits: 5 | References: 1

Tenable Nessus
added 2021/09/07 12:0 a.m. | 41 views

Photon OS 3.0: Haproxy PHSA-2021-3.0-0293

An update of the haproxy package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0293. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS 7.5 | AI score 7.7 | EPSS 0.00467
Exploits: 0 | References: 3

Tenable Nessus
added 2021/09/07 12:0 a.m. | 39 views

Photon OS 4.0: Haproxy PHSA-2021-4.0-0092

An update of the haproxy package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0092. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS 7.5 | AI score 7.7 | EPSS 0.00467
Exploits: 0 | References: 3

Photon
added 2021/09/02 12:0 a.m. | 39 views

Important Photon OS Security Update - PHSA-2021-0092

Updates of 'cpio', 'haproxy' packages of Photon OS have been released...

CVSS 6.8 | AI score 1.7 | EPSS 0.26333
Exploits: 1