1990 matches found
CVE-2021-39240
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...
Design/Logic Flaw
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...
UBUNTU-CVE-2021-39241
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...
CVE-2021-39240
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...
CVE-2021-39240
CVE-2021-39240 affects HAProxy versions before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Root cause: the scheme and path portions of a URI are not guaranteed to contain expected characters, allowing authority mismatches and potential information exposure. Connected advisories (Astra Linux,...
CVE-2021-39240
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...
CVE-2021-39241
HAProxy contains a vulnerability CVE-2021-39241 where an HTTP method name may contain a space before a protected resource, potentially causing a request to be interpreted as accessing that resource. Affected series include HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 b...
CVE-2021-39241
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...
CVE-2021-39241
An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...
CVE-2021-39242
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled...
CVE-2021-39242
HAProxy contains a vulnerability (CVE-2021-39242) affecting 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3 where mismatch between Host and authority can allow an attacker-controlled HTTP Host header. Reports indicate this could enable manipulation of requests and potential impac...
CVE-2021-39242
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled...
USN-5042-1: HAProxy vulnerabilities
It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...
USN-5042-1 haproxy vulnerabilities
It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...
[SECURITY] [DSA 4960-1] haproxy security update
Debian Security Advisory DSA-4960-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4960-1] haproxy security update
Debian Security Advisory DSA-4960-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2021 https://www.debian.org/security/faq -...
SUSE-SU-2021:2769-1 Security update for haproxy
This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 bsc1189366...
SUSE-SU-2021:2768-1 Security update for haproxy
This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 bsc1189366...
Haproxy HAProxy security vulnerability
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides Layer 4 and Layer 7 proxies and can support connections on the order of tens of thousands with high efficiency and stability. A security vulnerability exists in HAProxy that...
Haproxy HAProxy security vulnerability
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides Layer 4 and Layer 7 proxies and can support connections on the order of tens of thousands with high efficiency and stability. A security vulnerability exists in HAProxy, which...