Vulnerabilities > Haproxy

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2018-11469 Information Exposure vulnerability in multiple products
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
network
high complexity
haproxy canonical CWE-200
5.9
2018-05-09 CVE-2018-10184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in HAProxy before 1.8.8.
network
low complexity
haproxy redhat CWE-119
7.5
2017-08-22 CVE-2016-2102 Improper Authentication vulnerability in Haproxy
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
network
low complexity
haproxy CWE-287
5.0
2016-06-30 CVE-2016-5360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical haproxy CWE-119
7.5
2013-08-19 CVE-2013-2175 Improper Input Validation vulnerability in multiple products
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
network
low complexity
debian canonical redhat haproxy CWE-20
5.0
2013-04-10 CVE-2013-1912 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
network
high complexity
haproxy CWE-119
5.1