Vulnerabilities (CVE)

Filtered by vendor Haproxy Subscribe
Filtered by product Haproxy
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11469 2 Canonical, Haproxy 2 Ubuntu Linux, Haproxy 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
CVE-2018-10184 2 Haproxy, Redhat 2 Haproxy, Enterprise Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
CVE-2016-5360 2 Canonical, Haproxy 2 Ubuntu Linux, Haproxy 2024-11-21 5.0 MEDIUM 7.5 HIGH
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2102 1 Haproxy 1 Haproxy 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2015-3281 6 Canonical, Debian, Haproxy and 3 more 12 Ubuntu Linux, Debian Linux, Haproxy and 9 more 2024-11-21 5.0 MEDIUM N/A
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
CVE-2014-6269 1 Haproxy 1 Haproxy 2024-11-21 5.0 MEDIUM N/A
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more 2024-11-21 5.0 MEDIUM N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2013-1912 1 Haproxy 1 Haproxy 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
CVE-2012-2942 1 Haproxy 1 Haproxy 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
CVE-2024-45506 1 Haproxy 1 Haproxy 2024-10-14 N/A 7.5 HIGH
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.