3 matches found
CLSA-2026-1776342757 haproxy: Fix of CVE-2023-45539
CVE-2023-45539: reject '' as part of the URI to prevent ACL bypass via pathend rules...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...
USN-6530-2 haproxy vulnerability
Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character . A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain pathend rules...