1990 matches found
Haproxy HAProxy Security Vulnerability
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems fro...
Ubuntu 20.04 LTS : HAProxy vulnerabilities (USN-5042-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5042-1 advisory. It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions. Tenable has...
DSA-4960-1 haproxy - security update
Bulletin has no description...
PT-2021-7625 · Haproxy +2 · Haproxy +2
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.0 through 2.0.23; HAProxy versions 2.2 through 2.2.15; HAProxy versions 2.3 through 2.3.12; HAProxy versions 2.4 through 2.4.2. Description: The issue is related to insufficient input validation in the HAProxy HTTP server...
Roxy-WI Command Injection Vulnerability
Roxy-WI, the web interface for managing Haproxy, Nginx, and Keepalived servers, is vulnerable to a command injection vulnerability in Roxy-WI 5.2.2.0 and earlier. An attacker can exploit this vulnerability to conduct command injection attacks via /app/funct.py and /api/apifunct.py...
Roxy-WI SQL Injection Vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, which can be exploited by attackers to conduct SQL injection attacks via selectservers...
Roxy-WI SQL Injection Vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, which can be exploited by attackers to conduct SQL injection attacks via selectservers...
CVE-2019-20444
An HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Dat...
Advisory ROSA-SA-2021-1851
Software: haproxy 1.5.18; OS: Cobalt 7.9; CVE-ID: CVE-2018-10184; CVE-Crit: HIGH; CVE-DESC: An issue was found in HAProxy before 1.8.8. The length of the incoming H2 frame was checked by maxframesize instead of checking by bufsize. Maxframesize applies only to outgoing traffic, not incoming traffic, ...
ALBA-2021:1926 haproxy bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
haproxy bug fix and enhancement update
An update is available for haproxy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
haproxy bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2021-1797)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : haproxy (EulerOS-SA-2021-1797)
According to the version of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the 'chunked' value were not being...
The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.
The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...
PT-2022-6828 · Haproxy +6 · Haproxy +6
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.1 through 2.7 before 2.7.1; HAProxy version 2.2 before 2.2.27; HAProxy version 2.3; HAProxy version 2.4 before 2.4.21; HAProxy version 2.5 before 2.5.11; HAProxy version 2.6 before 2.6.8. Description: An information leak issue wa...
CentOS 8 : haproxy (CESA-2020:1288)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:1288 advisory. - haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100). Note that Nessus has not tested for this issue but has instead relied only ...
CentOS 8 : haproxy (CESA-2020:1725)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:1725 advisory. - haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value (CVE-2019-18277) - haproxy: HTTP/2...
GLSA-202012-22 : HAProxy: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202012-22 (HAProxy: Arbitrary code execution). It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact: A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary cod...
HAProxy: Arbitrary code execution
Background: HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description: It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact: A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary code with the...