9 results (0.011 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podría permitir a atacantes remotos obtener información confidencial o tener otro impacto no especificado tras una mala interpretación de una regla path_end, como enrutar index.html#.png a un servidor estático. • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html https://access.redhat.com/security/cve/CVE-2023-45539 https://bugzilla.redhat.com/show_bug.cgi?id=2253037 • CWE-116: Improper Encoding or Escaping of Output CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases. • https://cwe.mitre.org/data/definitions/436.html https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856 https://github.com/haproxy/haproxy/issues/2237 https://www.haproxy.org/download/2.6/src/CHANGELOG https://www.haproxy.org/download/2.7/src/CHANGELOG https://www.haproxy.org/download/2.8/src/CHANGELOG https://access.redhat.com/security/cve/CVE-2023-40225 https://bugzilla.redhat.com/show_bug.cgi?id=2231370 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEGIN_REQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. • https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a https://www.debian.org/security/2023/dsa-5388 https://access.redhat.com/security/cve/CVE-2023-0836 https://bugzilla.redhat.com/show_bug.cgi?id=2180746 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-459: Incomplete Cleanup •

CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 1

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. • https://github.com/sgwgsw/LAB-CVE-2023-25725 https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112 https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG https://www.debian.org/security/2023/dsa-5348 https://www.hapro • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 17%CPEs: 8EXPL: 0

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta HTTP diseñados que conllevaran a un bucle infinito, resultando eventualmente en una situación de denegación de servicio. • https://access.redhat.com/security/cve/cve-2022-0711 https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 https://www.debian.org/security/2022/dsa-5102 https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html https://access.redhat.com/security/cve/CVE-2022-0711 https://bugzilla.redhat.com/show_bug.cgi?id=2053666 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •