CBL Mariner 2.0 Security Update: haproxy (CVE-2023-40225)

The version of haproxy installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40225 advisory. - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x...

SUSE SLES15 Security Update : haproxy (SUSE-SU-2023:3490-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:3490-1 advisory. - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x...

CVE-2023-45539 affecting package haproxy for versions less than 2.4.24-1

CVE-2023-45539 affecting package haproxy for versions less than 2.4.24-1. A patched version of the package is available...

CVE-2024-49214 affecting package haproxy for versions less than 2.4.24-1

CVE-2024-49214 affecting package haproxy for versions less than 2.4.24-1. A patched version of the package is available...

CVE-2023-40225 affecting package haproxy for versions less than 2.4.24-1

CVE-2023-40225 affecting package haproxy for versions less than 2.4.24-1. An upgraded version of the package is available that resolves this issue...

SUSE-SU-2023:3490-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-40225: Fixed request smuggling with empty content-length header value bsc1214102...

SUSE SLES15 / openSUSE 15 Security Update : haproxy (SUSE-SU-2023:3469-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3469-1 advisory. - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before...

SUSE-SU-2023:3469-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-40225: Fixed request smuggling with empty content-length header value bsc1214102...

Medium: haproxy

Issue Overview: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind...

Amazon Linux 2023 : haproxy (ALAS2023-2023-293)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-293 advisory. HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers,...

HTTP Request Smuggling

Haproxy is vulnerable to HTTP Request Smuggling. This vulnerability exists in the HTTP/1 server, which interprets a payload as an extra request due to empty Content-Length headers being forwarded. This allows an attacker to inject malicious payloads into the system...

Important Photon OS Security Update - PHSA-2023-3.0-0637

Updates of 'nxtgn-openssl', 'gdb', 'iperf', 'haproxy' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2023-4.0-0455

Updates of 'haproxy' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2023-5.0-0075

Updates of 'haproxy' packages of Photon OS have been released...

HAProxy through 2.0.32 2.1.x and 2.2.x through 2.2.30 2.3.x and 2.4.x through 2.4.23 2.5.x and 2.6.x before 2.6.15 2.7.x before 2.7.10 and 2.8.x before 2.8.2 forwards empty Content-Length headers violating RFC 9110 section 8.6. In uncommon cases an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

...

Ubuntu: Security Advisory (USN-6294-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6294-2 haproxy vulnerability

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...

USN-6294-2: HAProxy vulnerability

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...

Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...

Ubuntu: Security Advisory (USN-6294-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...