1990 matches found

RedHat Linux
added 2019/03/14 7:58 a.m. | 4 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 4
RedHat Linux
added 2019/03/14 7:58 a.m. | 92 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.10 haproxy security update

An update for haproxy is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.00143
Exploits: 0 | References: 2
RedHat Linux
added 2019/03/14 7:58 a.m. | 2 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 4
exploitpack
added 2019/03/13 12:0 a.m. | 38 views

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Persistent Cross-Site Scripting Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N...

AI score 6.8
Exploits: 0
Exploit DB
added 2019/03/13 12:0 a.m. | 44 views

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N/A Google Dork: N/A CVE:2019-8953 Introduction pfSense® software is a free...

AI score 7.4
Exploits: 0
Packet Storm
added 2019/03/13 12:0 a.m. | 73 views

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting

Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N/A Google Dork: N/A CVE:2019-8953 Introduction pfSense® software is a fre...

CVSS 4.3 | AI score 6.4 | EPSS 0.71724
Exploits: 3
0day.today
added 2019/03/13 12:0 a.m. | 59 views

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N/A Google Dork: N/A CVE:2019-8953...

CVSS 4.3 | AI score 6.4 | EPSS 0.71724
Exploits: 3
CNVD
added 2019/02/22 12:0 a.m. | 3 views

pfSense HAProxy package cross-site scripting vulnerability

pfSense is an open source routing and firewall software, based on FreeBSD system customization and development. A cross-site scripting vulnerability exists in pfSense's HAProxy package before version 0.59_16. A remote attacker can use this vulnerability to inject arbitrary Web script or HTML wit...

CVSS 6.1 | AI score 6.2 | EPSS 0.71724
Exploits: 3 | References: 1
OSV
added 2019/02/20 4:29 p.m. | 18 views

CVE-2019-8953

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 5
NVD
added 2019/02/20 4:29 p.m. | 14 views

CVE-2019-8953

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php...

CVSS 6.1 | AI score 6.1 | EPSS 0.71724
Exploits: 3 | References: 5
Prion
added 2019/02/20 4:29 p.m. | 11 views

Design/Logic Flaw

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php...

CVSS 4.3 | AI score 6 | EPSS 0.71724
Exploits: 3 | References: 5 | Affected Software: 1
Cvelist
added 2019/02/20 4:0 p.m. | 17 views

CVE-2019-8953

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php...

AI score 6.1 | EPSS 0.71724
Exploits: 3 | References: 5
CVE
added 2019/02/20 4:0 p.m. | 53 views

CVE-2019-8953

The CVE affects pfSense’s HAProxy package prior to version 0.59_16. The vulnerability is a cross-site scripting flaw exposed via the desc (Description) or table_actionsaclN parameter in haproxy_listeners.php and haproxy_listeners_edit.php. Impact is XSS (no data exfiltration detail provided in th...

CVSS 6.1 | AI score 5.9 | EPSS 0.71724
Exploits: 3 | References: 5 | Affected Software: 1
RedHat Linux
added 2019/02/20 2:11 p.m. | 3 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 4
RedHat Linux
added 2019/02/20 2:11 p.m. | 1 views

haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

CVSS 7.5 | AI score 6.6 | EPSS 0.001
Exploits: 0 | References: 5
RedHat Linux
added 2019/02/20 2:11 p.m. | 1 views

haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...

CVSS 7.5 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 5
Check Point Advisories
added 2019/02/18 12:0 a.m. | 3 views

HAProxy HTTP2 Frame Size Heap Buffer Overflow (CVE-2018-10184)

A heap-based buffer overflow vulnerability exists in HAProxy. The vulnerability is due to incorrect validation of frame length on incoming HTTP/2 frames. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server...

CVSS 5 | AI score 7.6 | EPSS 0.25058
Exploits: 0
Tenable Nessus
added 2019/02/14 12:0 a.m. | 39 views

openSUSE Security Update : haproxy (openSUSE-2019-166)

This update for haproxy version 1.8.17 fixes the following issues : Security issues fixed : - CVE-2018-20615: Fixed a denial of service, triggered by mishandling the priority flag on short HEADERS frame in the HTTP/2 decoder bsc1121283 This update was imported from the SUSE:SLE-15:Update update...

CVSS 7.5 | AI score 6.2 | EPSS 0.00143
Exploits: 0 | References: 2
OpenVAS
added 2019/02/14 12:0 a.m. | 23 views

openSUSE: Security Advisory for haproxy (openSUSE-SU-2019:0166-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.00143
Exploits: 0 | References: 2
OPENSUSE Linux
added 2019/02/13 12:0 a.m. | 164 views

Security update for haproxy (important)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:0166-1 Rating: important References: 1121283 Cross-References: CVE-2018-20615 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for haproxy...

CVSS 7.5 | AI score 7.6 | EPSS 0.00143
Exploits: 0 | References: 1