Search CVE reports
1 – 10 of 32 results
CVE-2024-49214
Medium priorityQUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-45506
Medium priorityHAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-45539
Medium priorityHAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-44487
High prioritySome fixes available 18 of 56
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
dotnet6, dotnet7, dotnet8, h2o, haproxy...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Not affected | Not in release | Not in release | Not in release |
h2o | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
haproxy | Not affected | Not affected | Not affected | Fixed | Not affected |
netty | Not affected | Fixed | Fixed | Not affected | Not affected |
nghttp2 | Not affected | Fixed | Fixed | Fixed | Fixed |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tomcat10 | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-40225
Medium priorityHAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | — | Fixed | Fixed | Not affected | Not affected |
CVE-2023-25950
Medium priorityHTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-0836
Medium priorityAn information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | — | Fixed | Not affected | Not affected | Not affected |
CVE-2023-25725
Medium prioritySome fixes available 8 of 9
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2023-0056
Medium priorityAn uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | — | Fixed | Fixed | Not affected | Not affected |
CVE-2022-0711
Medium priorityA flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a...
1 affected packages
haproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
haproxy | — | Not affected | Fixed | Not affected | Not affected |