1990 matches found
haproxy: request smuggling attack in HTTP/1 header parsing
A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...
SUSE CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
Oracle Linux 9 : haproxy (ELSA-2023-1696)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1696 advisory. - Reject empty http header field names CVE-2023-25725, 2174174 Tenable has extracted the preceding description block directly from the Oracle Linux...
Moderate: Red Hat Security Advisory: haproxy security update
An update for haproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
haproxy: segfault DoS
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...
haproxy: request smuggling attack in HTTP/1 header parsing
A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
RHEL 9 : haproxy (RHSA-2023:1696)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1696 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy...
haproxy security update
2.4.17-3.2 - Reject empty http header field names CVE-2023-25725, 2174174 2.4.17-3.1 - Refuse interim responses with end-stream flag set CVE-2023-0056, 2174172...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
PT-2023-20381 · Haproxy +1 · Haproxy +1
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.6.1 through 2.6.7 HAProxy version 2.7.0 Description: The issue allows a remote attacker to alter a legitimate user's request, potentially obtaining sensitive information or causing a denial-of-service DoS condition...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
CVE-2023-25950
CVE-2023-25950 : HTTP request/response smuggling in HAProxy affects 2.7.0 and 2.6.1–2.6.7, enabling a remote attacker to alter a legitimate user’s request, potentially leaking data or causing DoS. Mitigation in the cited sources points to upgrading HAProxy to newer releases (e.g., 2.8.3 or later)...
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
ALSA-2023:1696 Moderate: haproxy security update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: segfault DoS CVE-2023-0056 haproxy: request smuggling attack in HTTP/1 header parsing CVE-2023-25725 For more details about the security issues, including...
Moderate: haproxy security update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: segfault DoS CVE-2023-0056 haproxy: request smuggling attack in HTTP/1 header parsing CVE-2023-25725 For more details about the security issues, including...
Important Photon OS Security Update - PHSA-2023-3.0-0566
Updates of 'haproxy' packages of Photon OS have been released...