Filtered by vendor Haproxy
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39241 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example. | |||||
| CVE-2019-11323 | 1 Haproxy | 1 Haproxy | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error. | |||||
| CVE-2018-11469 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2019-06-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | |||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2017-08-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | |||||