Lucene search
UbuntuUSN-6294-1HistoryAug 16, 2023 - 12:00 a.m.
HAProxy vulnerability
2023-08-1600:00:00
ubuntu.com
28
ubuntu
haproxy
vulnerability
payload manipulation
content-length headers
bypass restrictions
Releases
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Packages
- haproxy - fast and reliable load balancing reverse proxy
Details
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | haproxy | < 2.6.9-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | haproxy-dbgsym | < 2.6.9-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | haproxy-doc | < 2.6.9-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | vim-haproxy | < 2.6.9-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | haproxy | < 2.4.22-0ubuntu0.22.04.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | haproxy-dbgsym | < 2.4.22-0ubuntu0.22.04.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | haproxy-doc | < 2.4.22-0ubuntu0.22.04.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | vim-haproxy | < 2.4.22-0ubuntu0.22.04.2 | UNKNOWN |
References
Related
nessus
nessus
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-3008)
2024-01-16 00:00:00
EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2023-3215)
2024-01-16 00:00:00
RHCOS 4 : OpenShift Container Platform 4.12.47 (RHSA-2024:0200)
2024-01-24 00:00:00
ubuntucve
ubuntucve
CVE-2023-40225
2023-08-10 00:00:00
redhatcve
redhatcve
CVE-2023-40225
2023-08-15 19:49:16
openvas
openvas
openSUSE: Security Advisory for haproxy (SUSE-SU-2023:3469-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6294-1)
2023-08-17 00:00:00
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2878)
2023-10-09 00:00:00
cve
cve
CVE-2023-40225
2023-08-10 21:15:10
redos
redos
ROS-20240401-04
2024-04-01 00:00:00
ubuntu
ubuntu
HAProxy vulnerability
2023-08-17 00:00:00
alpinelinux
alpinelinux
CVE-2023-40225
2023-08-10 21:15:10
prion
prion
Cross site request forgery (csrf)
2023-08-10 21:15:00
veracode
veracode
HTTP Request Smuggling
2023-08-23 12:33:10
cvelist
cvelist
CVE-2023-40225
2023-08-10 00:00:00
mageia
mageia
Updated haproxy packages fix security vulnerability
2023-11-20 13:04:11
redhat
redhat
osv
osv
CVE-2023-40225
2023-08-10 21:15:10
BIT-haproxy-2023-40225
2024-03-06 10:53:12
haproxy vulnerability
2023-08-17 14:53:13
cgr
cgr
CVE-2023-40225 vulnerabilities
2024-05-17 15:41:37
cbl_mariner
cbl_mariner
CVE-2023-40225 affecting package haproxy for versions less than 2.4.24-1
2023-08-30 14:44:06
debiancve
debiancve
CVE-2023-40225
2023-08-10 21:15:10
wolfi
wolfi
CVE-2023-40225 vulnerabilities
2024-05-17 21:08:03
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0455
2023-08-22 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0075
2023-08-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0637
2023-08-23 00:00:00
almalinux
almalinux
Moderate: haproxy security update
2024-03-05 00:00:00
debian
debian
[SECURITY] [DSA 5590-1] haproxy security update
2023-12-28 12:46:56
oraclelinux
oraclelinux
haproxy security update
2024-03-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2400
2024-04-17 13:35:24
ibm
ibm