Vulnerabilities > Haproxy > Haproxy > 1.1.10

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-45539 Unspecified vulnerability in Haproxy
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
network
low complexity
haproxy
8.2
8.2
2023-08-10 CVE-2023-40225 HTTP Request Smuggling vulnerability in Haproxy
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6.
network
low complexity
haproxy CWE-444
7.2
7.2
2023-02-14 CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1.
network
low complexity
haproxy debian
critical
 9.1
9.1
2019-11-27 CVE-2019-19330 Injection vulnerability in multiple products
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
network
low complexity
haproxy canonical debian CWE-74
critical
 9.8
9.8
2019-10-23 CVE-2019-18277 HTTP Request Smuggling vulnerability in Haproxy
A flaw was found in HAProxy before 2.0.6.
network
low complexity
haproxy CWE-444
7.5
7.5
2018-12-12 CVE-2018-20103 Infinite Loop vulnerability in multiple products
An issue was discovered in dns.c in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-835
7.5
7.5
2018-12-12 CVE-2018-20102 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-125
7.5
7.5
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
7.5
2018-05-09 CVE-2018-10184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in HAProxy before 1.8.8.
network
low complexity
haproxy redhat CWE-119
7.5
7.5