Vulnerabilities > Haproxy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-25 | CVE-2018-11469 | Information Exposure vulnerability in multiple products Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 5.9 |
2018-05-09 | CVE-2018-10184 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in HAProxy before 1.8.8. | 7.5 |
2017-08-22 | CVE-2016-2102 | Improper Authentication vulnerability in Haproxy HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | 5.0 |
2016-06-30 | CVE-2016-5360 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. | 7.5 |
2013-08-19 | CVE-2013-2175 | Improper Input Validation vulnerability in multiple products HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | 5.0 |
2013-04-10 | CVE-2013-1912 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. | 5.1 |