RHCOS : OpenShift Container Platform 4.9.11 (RHSA-2021:5002)

The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5002 advisory. - haproxy: Incomplete fix for CVE-2021-39242 in OpenShift 4.9 CVE-2021-4047 Note that Nessus has not tested for this issue but has instead reli...

RHCOS 4 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1620 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...

RHCOS : OpenShift Container Platform 4.9.6 (RHSA-2021:4118)

The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4118 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...

RHCOS 4 : OpenShift Container Platform 4.4.3 haproxy (RHSA-2020:1936)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1936 advisory. - haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value CVE-2019-18277 - haprox...

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2020:1287)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1287 advisory. - haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value CVE-2019-18277 - haprox...

RHCOS 4 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1021 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...

RHCOS 4 : OpenShift Container Platform 4.8.36 (RHSA-2022:1153)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1153 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 Note that Nessus has not tested for this issue but has instead relied only ...

RHCOS 3 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. - haproxy: Out-of-bounds read in dns.c:dnsvalidatednsresponse allows for memory disclosure CVE-2018-20102 - haproxy: Mishandling of...

RHCOS 3 : OpenShift Container Platform 3.10 haproxy (RHSA-2019:0548)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0548 advisory. - haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash CVE-2018-20615 Note that Nessus has not...

RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1064)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1064 advisory. - 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created CVE-2016-2149 - Privilege...

RHCOS 1 : haproxy (RHSA-2013:1204)

The remote Red Hat Enterprise Linux CoreOS 1 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:1204 advisory. - haproxy: httpgethdr/getipfromhdr2 MAXHDRHISTORY handling denial of service CVE-2013-2175 Note that Nessus has not tested for this issue but...

RHCOS 2 : Red Hat OpenShift Enterprise 2.2.8 (RHSA-2015:2666)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2666 advisory. - haproxy: information leak in bufferslowrealign CVE-2015-3281 Note that Nessus has not tested for this issue but has instead relied only on...

RHCOS 4 : OpenShift Container Platform 4.15.24 (RHSA-2024:4853)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4853 advisory. - haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers CVE-2023-45539 - go-retryablehttp: ur...

RHCOS 4 : OpenShift Container Platform 4.14.36 (RHSA-2024:6412)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6412 advisory. - golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString CVE-2022-23772 - haproxy: untrimm...

RHCOS 4 : OpenShift Container Platform 4.11.57 (RHSA-2024:0308)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0308 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...

RHCOS 6 : haproxy (RHSA-2013:0729)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0729 advisory. - haproxy: rewrite rules flaw can lead to arbitrary code execution CVE-2013-1912 Note that Nessus has not tested for this issue but has inste...

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. A HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, as in t...

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue does not ensure that the scheme and path portions of a URI contain the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerability (USN-8208-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8208-1 advisory. Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this...

USN-8208-1 haproxy vulnerability

Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...