1990 matches found

OpenVAS
added 2023/05/08 12:0 a.m., 14 views

Fedora: Security Advisory for mirrorlist-server (FEDORA-2023-cc21019773)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.8 | EPSS 0.00318
Exploits: 1 | References: 2

OSV
added 2023/05/05 8:29 p.m., 8 views

SUSE-FU-2023:2119-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821): BUG/CRITICAL: http: properly reject empty http header field names; CI: github: don't warn on deprecated openssl functions on windows; DOC: proxy-protocol: fix wrong byte in provided example; DOC: config:...

CVSS 9.1 | AI score 8.6 | EPSS 0.17535
Exploits: 0 | References: 5

OSV
added 2023/05/05 8:27 p.m., 9 views

SUSE-FU-2023:2117-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821): BUG/CRITICAL: http: properly reject empty http header field names; CI: github: don't warn on deprecated openssl functions on windows; DOC: proxy-protocol: fix wrong byte in provided example; DOC: config:...

CVSS 9.1 | AI score 8.6 | EPSS 0.17535
Exploits: 0 | References: 5

RedHat Linux
added 2023/05/03 2:5 p.m., 3 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS)...

CVSS 7.5 | AI score 7.1 | EPSS 0.00472
Exploits: 1 | References: 4

OSV
added 2023/04/26 11:5 a.m., 19 views

OESA-2023-1257 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: HTTP...

CVSS 7.3 | AI score 6.7 | EPSS 0.00075
Exploits: 0 | References: 2

RedHat Linux
added 2023/04/25 10:27 a.m., 4 views

haproxy: segfault DoS

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...

CVSS 6.5 | AI score 6.6 | EPSS 0.00147
Exploits: 0 | References: 5

RedHat Linux
added 2023/04/25 10:27 a.m., 2 views

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's header processing that causes HAProxy to drop important header fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

CVSS 9.1 | AI score 5.7 | EPSS 0.17535
Exploits: 0 | References: 6

RedHat Linux
added 2023/04/25 10:27 a.m., 48 views

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.1 | AI score 6.6 | EPSS 0.17535
Exploits: 0 | References: 3

Tenable Nessus
added 2023/04/25 12:0 a.m., 33 views

RHEL 9 : haproxy (RHSA-2023:1978)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1978 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy...

CVSS 9.1 | AI score 6.6 | EPSS 0.17535
Exploits: 0 | References: 7

BDU FSTEC
added 2023/04/20 12:0 a.m., 1 view

The vulnerability in the Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived allows an attacker to gain unauthorized access to protected information.

The vulnerability in the Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

CVSS 7.8 | EPSS 0.01195
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2023/04/17 7:15 p.m., 13 views

Path traversal

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

CVSS 4 | AI score 6.4 | EPSS 0.00432
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/04/17 6:34 p.m., 8 views

CVE-2023-29004 Path Traversal Vulnerability in hap-wi/roxy-wi

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00432
Exploits: 1 | References: 1

CVE
added 2023/04/17 6:34 p.m., 53 views

CVE-2023-29004

CVE-2023-29004 affects hap-wi/roxy-wi (Roxy-WI) web interface. Versions around 6.3.9.0 and earlier are vulnerable. The flaw is a path traversal in the /app/modules/config/config.py get_config function, which only checks for relative traversals yet allows reading files from absolute paths supplied...

CVSS 6.5 | AI score 6.4 | EPSS 0.00432
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/17 6:34 p.m., 10 views

CVE-2023-29004 Path Traversal Vulnerability in hap-wi/roxy-wi

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00432
Exploits: 1 | References: 1

Veracode
added 2023/04/17 2:40 a.m., 27 views

HTTP Request/Response Smuggling

haproxy is vulnerable to HTTP Request/Response Smuggling. The vulnerability allows a malicious attacker to alter an authorized user's request, resulting in information disclosure or denial of service...

CVSS 7.3 | AI score 6.5 | EPSS 0.00075
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2023/04/17 12:0 a.m., 4 views

Roxy-WI path traversal vulnerability

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI version 6.3.9.0 and earlier, which stems from the presence of a path traversal vulnerability that can be exploited by an attacker to gain access to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00432
Exploits: 1 | References: 2

OpenVAS
added 2023/04/14 12:0 a.m., 25 views

Debian: Security Advisory (DSA-5388-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.00006
Exploits: 0 | References: 4

Tenable Nessus
added 2023/04/14 12:0 a.m., 30 views

Debian DSA-5388-1 : haproxy - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5388 advisory. It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00006
Exploits: 0 | References: 5

Debian
added 2023/04/13 8:16 p.m., 30 views

[SECURITY] [DSA 5388-1] haproxy security update

Debian Security Advisory DSA-5388-1 | https://www.debian.org/security/ | Salvatore Bonaccorso | April 13, 2023 | https://www.debian.org/security/faq ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00006
Exploits: 0

OSV
added 2023/04/13 12:0 a.m., 126 views

DSA-5388-1 haproxy - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.00006
Exploits: 0