haproxy haproxy vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-25802
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a...
Roxy-wi Roxy-wi
7.5
CVSSv3
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0.
Roxy-wi Roxy-wi
7.5
CVSSv3
CVE-2021-4047
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
Redhat Openshift 4.9
7.5
CVSSv3
CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow a malicious user to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The hig...
Haproxy Haproxy
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Openshift Container Platform 4.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2021-40346
An integer overflow exists in HAProxy 2.0 up to and including 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing a malicious user to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Haproxy Haproxy
Haproxy Haproxy 2.5
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7 Github repositories
7.5
CVSSv3
CVE-2021-39240
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2021-39242
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2019-18277
A flaw was found in HAProxy prior to 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be us...
Haproxy Haproxy
2 Github repositories
7.5
CVSSv3
CVE-2019-14243
headerv2.go in mastercactapus proxyprotocol prior to 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin up to and including 0.0.2 for Caddy, allows remote malicious users to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 r...
Haproxy Proxyprotocol
7.5
CVSSv3
CVE-2019-14241
HAProxy up to and including 2.0.2 allows malicious users to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
Haproxy Haproxy