Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haproxy haproxy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 co...
Roxy-wi Roxy-wi
9.8
CVSSv3
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from...
Roxy-wi Roxy-wi
9.8
CVSSv3
CVE-2022-31126
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-...
Roxy-wi Roxy-wi
9.8
CVSSv3
CVE-2022-31125
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This...
Roxy-wi Roxy-wi
9.8
CVSSv3
CVE-2020-35195
The official haproxy docker images prior to 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank ...
Docker Haproxy Docker Image
9.8
CVSSv3
CVE-2019-19330
The HTTP/2 implementation in HAProxy prior to 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Haproxy Haproxy
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 10.0
9.1
CVSSv3
CVE-2023-25725
HAProxy prior to 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTT...
Haproxy Haproxy
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Haproxy Haproxy
Debian Debian Linux 10.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
8.2
CVSSv3
CVE-2023-45539
HAProxy prior to 2.8.2 accepts # as part of the URI component, which might allow remote malicious users to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Haproxy Haproxy
7.5
CVSSv3
CVE-2023-0836
An information leak vulnerability exists in HAProxy 2.1, 2.2 prior to 2.2.27, 2.3, 2.4 prior to 2.4.21, 2.5 prior to 2.5.11, 2.6 prior to 2.6.8, 2.7 prior to 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitiv...
Haproxy Haproxy 2.7.0
Haproxy Haproxy
Haproxy Haproxy 2.3.0
Haproxy Haproxy 2.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »