haproxy haproxy vulnerabilities and exploits
445
VMScore
CVE-2019-14241
HAProxy up to and including 2.0.2 allows malicious users to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
Haproxy Haproxy
384
VMScore
CVE-2019-18277
A flaw was found in HAProxy prior to 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be us...
Haproxy Haproxy
2 Github repositories
447
VMScore
CVE-2021-40346
An integer overflow exists in HAProxy 2.0 up to and including 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing a malicious user to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Haproxy Haproxy
Haproxy Haproxy 2.5
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7 Github repositories
383
VMScore
CVE-2018-11469
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 up to and including 1.8.9 (if cache enabled) allows malicious users to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for...
Haproxy Haproxy
Canonical Ubuntu Linux 18.04
NA
CVE-2023-25725
HAProxy prior to 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTT...
Haproxy Haproxy
Debian Debian Linux 10.0
Debian Debian Linux 11.0
445
VMScore
CVE-2021-39240
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-39241
An issue exists in HAProxy 2.0 prior to 2.0.24, 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protecte...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-39242
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
435
VMScore
CVE-2019-8953
The HAProxy package prior to 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Netgate Haproxy
1 EDB exploit
445
VMScore
CVE-2019-14243
headerv2.go in mastercactapus proxyprotocol prior to 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin up to and including 0.0.2 for Caddy, allows remote malicious users to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 r...
Haproxy Proxyprotocol