Haproxy

Haproxy

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.82%
  • Veröffentlicht 10.08.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:19:02

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon case...

  • EPSS 2.94%
  • Veröffentlicht 11.04.2023 09:15:07
  • Zuletzt bearbeitet 11.02.2025 16:15:32

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) co...

  • EPSS 1.2%
  • Veröffentlicht 29.03.2023 21:15:07
  • Zuletzt bearbeitet 18.02.2025 17:15:15

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BE...

  • EPSS 1.83%
  • Veröffentlicht 23.03.2023 21:15:19
  • Zuletzt bearbeitet 25.02.2025 20:15:31

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impac...

  • EPSS 5.49%
  • Veröffentlicht 14.02.2023 19:15:11
  • Zuletzt bearbeitet 20.03.2025 20:15:29

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to trunca...

  • EPSS 16.56%
  • Veröffentlicht 02.03.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:14

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service cond...

Exploit
  • EPSS 57.93%
  • Veröffentlicht 08.09.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 06:23:54

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

  • EPSS 1.77%
  • Veröffentlicht 17.08.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this ...

  • EPSS 2.34%
  • Veröffentlicht 17.08.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

  • EPSS 2.32%
  • Veröffentlicht 17.08.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/...