CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32464 – Ubuntu Security Notice USN-7431-1
https://notcve.org/view.php?id=CVE-2025-32464
09 Apr 2025 — HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use t... • https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559 • CWE-1025: Comparison Using Wrong Factors •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53008 – Ubuntu Security Notice USN-7133-1
https://notcve.org/view.php?id=CVE-2024-53008
28 Nov 2024 — Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information. Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive ... • https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45506
https://notcve.org/view.php?id=CVE-2024-45506
04 Sep 2024 — HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service. HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. • http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45539 – haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
https://notcve.org/view.php?id=CVE-2023-45539
28 Nov 2023 — HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podría permitir a atacantes remotos obtener información confidencial o tener otro impacto no especificado tras una mala interpretación de una regla path_end, como enrutar index.html#.p... • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 • CWE-116: Improper Encoding or Escaping of Output CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-40225 – haproxy: Proxy forwards malformed empty Content-Length headers
https://notcve.org/view.php?id=CVE-2023-40225
10 Aug 2023 — HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render ... • https://cwe.mitre.org/data/definitions/436.html • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25950
https://notcve.org/view.php?id=CVE-2023-25950
11 Apr 2023 — HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition. • https://github.com/dhmosfunk/HTTP3ONSTEROIDS • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0836 – haproxy: data leak via fcgi requests
https://notcve.org/view.php?id=CVE-2023-0836
29 Mar 2023 — An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEG... • https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-459: Incomplete Cleanup •
CVSS: 9.4EPSS: 17%CPEs: 8EXPL: 1CVE-2023-25725 – haproxy: request smuggling attack in HTTP/1 header parsing
https://notcve.org/view.php?id=CVE-2023-25725
14 Feb 2023 — HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sen... • https://github.com/sgwgsw/LAB-CVE-2023-25725 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0CVE-2023-0056 – haproxy: segfault DoS
https://notcve.org/view.php?id=CVE-2023-0056
24 Jan 2023 — An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Pla... • https://access.redhat.com/security/cve/CVE-2023-0056 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2022-0711 – haproxy: Denial of service via set-cookie2 header
https://notcve.org/view.php?id=CVE-2022-0711
02 Mar 2022 — A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta H... • https://access.redhat.com/security/cve/cve-2022-0711 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •