apk package
wolfi/haproxy-2.9
pkg:apk/wolfi/haproxy-2.9
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53008 | Med | 5.3 | < 2.9.10-r0 | 2.9.10-r0 | Nov 28, 2024 | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt | |
| CVE-2024-45506 | — | < 2.9.10-r0 | 2.9.10-r0 | Sep 4, 2024 | HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. | ||
| CVE-2023-0056 | — | < 0 | 0 | Mar 23, 2023 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | ||
| CVE-2016-2102 | Med | 5.3 | < 0 | 0 | Aug 22, 2017 | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. |
- affected < 2.9.10-r0fixed 2.9.10-r0
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obt
- CVE-2024-45506Sep 4, 2024affected < 2.9.10-r0fixed 2.9.10-r0
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
- CVE-2023-0056Mar 23, 2023affected < 0fixed 0
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
- affected < 0fixed 0
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.