Haproxy

Haproxy

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-0711

  • EPSS 66.48%
  • Published 02.03.2022 22:15:08
  • Last modified 21.11.2024 06:39:14

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service cond...

7.5

CVE-2021-40346

Exploit
  • EPSS 92.83%
  • Published 08.09.2021 17:15:12
  • Last modified 21.11.2024 06:23:54

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

7.5

CVE-2021-39242

  • EPSS 0.47%
  • Published 17.08.2021 19:15:08
  • Last modified 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

5.3

CVE-2021-39241

  • EPSS 0.44%
  • Published 17.08.2021 19:15:08
  • Last modified 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this ...

7.5

CVE-2021-39240

  • EPSS 0.07%
  • Published 17.08.2021 19:15:08
  • Last modified 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/...

8.8

CVE-2020-11100

  • EPSS 75.55%
  • Published 02.04.2020 15:15:17
  • Last modified 21.11.2024 04:56:47

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

9.8

CVE-2019-19330

  • EPSS 0.91%
  • Published 27.11.2019 16:15:11
  • Last modified 21.11.2024 04:34:35

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

7.5

CVE-2019-18277

Exploit
  • EPSS 0.83%
  • Published 23.10.2019 14:15:10
  • Last modified 21.11.2024 04:32:57

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it cou...

7.5

CVE-2019-14241

Exploit
  • EPSS 37.04%
  • Published 23.07.2019 13:15:13
  • Last modified 21.11.2024 04:26:16

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

5.9

CVE-2019-11323

  • EPSS 0.01%
  • Published 09.05.2019 14:29:00
  • Last modified 21.11.2024 04:20:53

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.