Количество 23
Количество 23
SUSE-SU-2023:4646-1
Security update for haproxy
ELSA-2024-1142
ELSA-2024-1142: haproxy security update (MODERATE)
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
CVE-2023-40225
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...
SUSE-SU-2023:3490-1
Security update for haproxy
SUSE-SU-2023:3469-1
Security update for haproxy
ROS-20240401-04
Уязвимость haproxy
GHSA-xgq7-jp95-v2qv
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
BDU:2024-02429
Уязвимость серверного программного обеспечения HAProxy, связанная с пересылкой пустых заголовков Content-Length, позволяющая нарушителю выполнять атаку «контрабанда HTTP-запросов»
SUSE-SU-2023:4647-1
Security update for haproxy
SUSE-SU-2023:4645-1
Security update for haproxy
ROS-20240328-10
Уязвимость haproxy
RLSA-2024:8849
Moderate: haproxy security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2023:4646-1 Security update for haproxy | больше 1 года назад | ||
| ELSA-2024-1142 ELSA-2024-1142: haproxy security update (MODERATE) | больше 1 года назад | ||
 | CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. | CVSS3: 7.2 | 0% Низкий | почти 2 года назад |
 | CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. | CVSS3: 7.2 | 0% Низкий | почти 2 года назад |
 | CVSS3: 7.2 | 0% Низкий | почти 2 года назад | |
| CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ... | CVSS3: 7.2 | 0% Низкий | почти 2 года назад |
| CVE-2023-45539 HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | CVSS3: 8.2 | 0% Низкий | больше 1 года назад |
| CVE-2023-45539 HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2023-45539 HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | CVSS3: 8.2 | 0% Низкий | больше 1 года назад |
| CVE-2023-45539 HAProxy before 2.8.2 accepts # as part of the URI component, which mig ... | CVSS3: 8.2 | 0% Низкий | больше 1 года назад |
| SUSE-SU-2023:3490-1 Security update for haproxy | 0% Низкий | почти 2 года назад | |
| SUSE-SU-2023:3469-1 Security update for haproxy | 0% Низкий | почти 2 года назад | |
 | ROS-20240401-04 Уязвимость haproxy | CVSS3: 7.2 | 0% Низкий | около 1 года назад |
| GHSA-xgq7-jp95-v2qv HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. | CVSS3: 7.2 | 0% Низкий | почти 2 года назад |
 | BDU:2024-02429 Уязвимость серверного программного обеспечения HAProxy, связанная с пересылкой пустых заголовков Content-Length, позволяющая нарушителю выполнять атаку «контрабанда HTTP-запросов» | CVSS3: 7.2 | 0% Низкий | почти 2 года назад |
| SUSE-SU-2023:4647-1 Security update for haproxy | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:4645-1 Security update for haproxy | 0% Низкий | больше 1 года назад | |
| ROS-20240328-10 Уязвимость haproxy | CVSS3: 8.2 | 0% Низкий | около 1 года назад |
 | RLSA-2024:8849 Moderate: haproxy security update | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу