Haproxy

Haproxy

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2025-32464

  • EPSS 0.54%
  • Published 09.04.2025 00:00:00
  • Last modified 23.04.2025 22:15:15

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

5.3

CVE-2024-53008

  • EPSS 0.18%
  • Published 28.11.2024 03:15:16
  • Last modified 28.11.2024 03:15:16

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As ...

5.3

CVE-2024-49214

  • EPSS 0.31%
  • Published 14.10.2024 04:15:05
  • Last modified 29.10.2024 16:35:14

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

7.5

CVE-2024-45506

  • EPSS 0.28%
  • Published 04.09.2024 15:15:14
  • Last modified 14.03.2025 20:15:13

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

8.2

CVE-2023-45539

  • EPSS 0.02%
  • Published 28.11.2023 20:15:07
  • Last modified 21.11.2024 08:26:56

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static se...

7.2

CVE-2023-40225

Exploit
  • EPSS 0.03%
  • Published 10.08.2023 21:15:10
  • Last modified 21.11.2024 08:19:02

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon case...

7.3

CVE-2023-25950

  • EPSS 0.06%
  • Published 11.04.2023 09:15:07
  • Last modified 11.02.2025 16:15:32

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) co...

7.5

CVE-2023-0836

  • EPSS 0.01%
  • Published 29.03.2023 21:15:07
  • Last modified 18.02.2025 17:15:15

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BE...

6.5

CVE-2023-0056

  • EPSS 0.15%
  • Published 23.03.2023 21:15:19
  • Last modified 25.02.2025 20:15:31

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impac...

9.1

CVE-2023-25725

  • EPSS 19.69%
  • Published 14.02.2023 19:15:11
  • Last modified 20.03.2025 20:15:29

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to trunca...