CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45539 – haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
https://notcve.org/view.php?id=CVE-2023-45539
28 Nov 2023 — HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podría permitir a atacantes remotos obtener información confidencial o tener otro impacto no especificado tras una mala interpretación de una regla path_end, como enrutar index.html#.p... • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 • CWE-116: Improper Encoding or Escaping of Output CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-40225 – haproxy: Proxy forwards malformed empty Content-Length headers
https://notcve.org/view.php?id=CVE-2023-40225
10 Aug 2023 — HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render ... • https://cwe.mitre.org/data/definitions/436.html • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0836 – haproxy: data leak via fcgi requests
https://notcve.org/view.php?id=CVE-2023-0836
29 Mar 2023 — An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEG... • https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-459: Incomplete Cleanup •
CVSS: 9.4EPSS: 44%CPEs: 8EXPL: 1CVE-2023-25725 – haproxy: request smuggling attack in HTTP/1 header parsing
https://notcve.org/view.php?id=CVE-2023-25725
14 Feb 2023 — HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sen... • https://github.com/sgwgsw/LAB-CVE-2023-25725 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 92%CPEs: 14EXPL: 6CVE-2021-40346 – haproxy: request smuggling attack or response splitting via duplicate content-length header
https://notcve.org/view.php?id=CVE-2021-40346
08 Sep 2021 — An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. Se presenta un desbordamiento de enteros en HAProxy versiones 2.0 a 2.5, en la función htx_add_header() que puede ser explotada para llevar a cabo un ataque de contrabando de peticiones HTTP, permitiendo a un atacante omitir todas las ACLs configuradas de HAProxy de peticione... • https://github.com/knqyf263/CVE-2021-40346 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39241 – haproxy: an HTTP method name may contain a space followed by the name of a protected resource
https://notcve.org/view.php?id=CVE-2021-39241
17 Aug 2021 — An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example. Se ha detectado un problema en HAProxy versiones 2.0 anteriores a 2.0.24, versiones 2.2 anteriores a 2.2.16, versiones 2.3 anteriores a 2.3.13 y vers... • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=89265224d314a056d77d974284802c1b8a0dc97f • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 78%CPEs: 9EXPL: 1CVE-2020-11100 – haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2020-11100
02 Apr 2020 — In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. En la función hpack_dht_insert en el archivo hpack-tbl.c en el decodificador HPACK en HAProxy versiones 1.8 hasta 2.x anteriores a 2.1.4, un atacante remoto puede escribir bytes arbitrarios alrededor de una determinada ubicación en la pila (heap) por medio de una... • https://packetstorm.news/files/id/157323 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-19330 – haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
https://notcve.org/view.php?id=CVE-2019-19330
27 Nov 2019 — The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. La implementación de HTTP/2 en HAProxy versiones anteriores a la versión 2.0.10, maneja inapropiadamente los encabezados, como es demostrado por el retorno de carro (CR, ASCII 0xd), salto de línea (LF, ASCII 0xa) y el carácter cero (NUL, ASCII 0x0), también se conoce como Ataques ... • https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-18277 – haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value
https://notcve.org/view.php?id=CVE-2019-18277
23 Oct 2019 — A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specificati... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 35%CPEs: 2EXPL: 1CVE-2019-14241
https://notcve.org/view.php?id=CVE-2019-14241
23 Jul 2019 — HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. HAProxy hasta versión 2.0.2, permite a los atacantes causar una denegación de servicio (ha_panic) por medio de vectores relacionados con la función htx_manage_client_side_cookies en el archivo proto_htx.c. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00060.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •