rpm package
opensuse/haproxy&distro=openSUSE Leap Micro 5.4
pkg:rpm/opensuse/haproxy&distro=openSUSE%20Leap%20Micro%205.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45539 | — | < 2.4.22+git0.f8e3218e2-150400.3.19.1 | 2.4.22+git0.f8e3218e2-150400.3.19.1 | Nov 28, 2023 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | ||
| CVE-2023-40225 | — | < 2.4.22+git0.f8e3218e2-150400.3.16.1 | 2.4.22+git0.f8e3218e2-150400.3.16.1 | Aug 10, 2023 | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAP |
- CVE-2023-45539Nov 28, 2023affected < 2.4.22+git0.f8e3218e2-150400.3.19.1fixed 2.4.22+git0.f8e3218e2-150400.3.19.1
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
- CVE-2023-40225Aug 10, 2023affected < 2.4.22+git0.f8e3218e2-150400.3.16.1fixed 2.4.22+git0.f8e3218e2-150400.3.16.1
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAP