Vulnerabilities > Haproxy > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-45506 Unspecified vulnerability in Haproxy
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
network
low complexity
haproxy
7.5
2023-11-28 CVE-2023-45539 Unspecified vulnerability in Haproxy
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
network
low complexity
haproxy
8.2
2023-08-10 CVE-2023-40225 HTTP Request Smuggling vulnerability in Haproxy
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6.
network
low complexity
haproxy CWE-444
7.2
2023-04-11 CVE-2023-25950 HTTP Request Smuggling vulnerability in Haproxy
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request.
network
low complexity
haproxy CWE-444
7.3
2023-03-29 CVE-2023-0836 Incomplete Cleanup vulnerability in Haproxy
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1.
network
low complexity
haproxy CWE-459
7.5
2022-03-02 CVE-2022-0711 Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy redhat debian CWE-835
7.5
2021-09-08 CVE-2021-40346 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
network
low complexity
haproxy debian fedoraproject CWE-190
7.5
2021-08-17 CVE-2021-39240 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.
network
low complexity
haproxy debian fedoraproject
7.5
2021-08-17 CVE-2021-39242 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.
network
low complexity
haproxy debian fedoraproject CWE-755
7.5
2020-04-02 CVE-2020-11100 Out-of-bounds Write vulnerability in multiple products
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
8.8