Количество 14
Количество 14
BDU:2023-00758
Уязвимость серверного программного обеспечения HAProxy, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку «контрабанда HTTP-запросов»
ROS-20230620-03
Уязвимость HAProxy
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
CVE-2023-25725
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP ...
SUSE-SU-2023:0411-1
Security update for haproxy
GHSA-h2p2-w857-329f
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
SUSE-SU-2023:0413-1
Security update for haproxy
SUSE-SU-2023:0412-1
Security update for haproxy
SUSE-FU-2023:2119-1
Feature update for haproxy
SUSE-FU-2023:2117-1
Feature update for haproxy
ELSA-2023-1696
ELSA-2023-1696: haproxy security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-00758 Уязвимость серверного программного обеспечения HAProxy, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнять атаку «контрабанда HTTP-запросов» | CVSS3: 7.5 | 17% Средний | больше 2 лет назад |
 | ROS-20230620-03 Уязвимость HAProxy | CVSS3: 7.5 | 17% Средний | около 2 лет назад |
 | CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | CVSS3: 9.1 | 17% Средний | больше 2 лет назад |
 | CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | CVSS3: 8.2 | 17% Средний | больше 2 лет назад |
 | CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | CVSS3: 9.1 | 17% Средний | больше 2 лет назад |
 | CVSS3: 9.1 | 17% Средний | больше 2 лет назад | |
| CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP ... | CVSS3: 9.1 | 17% Средний | больше 2 лет назад |
 | SUSE-SU-2023:0411-1 Security update for haproxy | 17% Средний | больше 2 лет назад | |
| GHSA-h2p2-w857-329f HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | CVSS3: 9.1 | 17% Средний | больше 2 лет назад |
| SUSE-SU-2023:0413-1 Security update for haproxy | больше 2 лет назад | ||
| SUSE-SU-2023:0412-1 Security update for haproxy | больше 2 лет назад | ||
| SUSE-FU-2023:2119-1 Feature update for haproxy | около 2 лет назад | ||
| SUSE-FU-2023:2117-1 Feature update for haproxy | около 2 лет назад | ||
| ELSA-2023-1696 ELSA-2023-1696: haproxy security update (MODERATE) | около 2 лет назад |
Уязвимостей на страницу