CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45539 – haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
https://notcve.org/view.php?id=CVE-2023-45539
28 Nov 2023 — HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. HAProxy anterior a 2.8.2 acepta # como parte del componente URI, lo que podría permitir a atacantes remotos obtener información confidencial o tener otro impacto no especificado tras una mala interpretación de una regla path_end, como enrutar index.html#.p... • https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 • CWE-116: Improper Encoding or Escaping of Output CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-40225 – haproxy: Proxy forwards malformed empty Content-Length headers
https://notcve.org/view.php?id=CVE-2023-40225
10 Aug 2023 — HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render ... • https://cwe.mitre.org/data/definitions/436.html • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25950
https://notcve.org/view.php?id=CVE-2023-25950
11 Apr 2023 — HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition. • https://github.com/dhmosfunk/HTTP3ONSTEROIDS • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0836 – haproxy: data leak via fcgi requests
https://notcve.org/view.php?id=CVE-2023-0836
29 Mar 2023 — An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEG... • https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-459: Incomplete Cleanup •
CVSS: 9.4EPSS: 44%CPEs: 8EXPL: 1CVE-2023-25725 – haproxy: request smuggling attack in HTTP/1 header parsing
https://notcve.org/view.php?id=CVE-2023-25725
14 Feb 2023 — HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sen... • https://github.com/sgwgsw/LAB-CVE-2023-25725 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •