Download
| Alert*
oval:org.secpod.oval:def:63266
Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution. oval:org.secpod.oval:def:66536 The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fix: * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:503636 The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fix: * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes For more details about the security issue, including the impact, a CVSS score, acknowledgments, an ... oval:org.secpod.oval:def:62703 haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request. oval:org.secpod.oval:def:504859 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Security Fix: * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:118000 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup ... oval:org.secpod.oval:def:1801721 In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. oval:org.secpod.oval:def:604796 Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution. oval:org.secpod.oval:def:1701663 In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution oval:org.secpod.oval:def:705426 haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request. oval:org.secpod.oval:def:1502854 The advisory is missing the security advisory description. For more information please visit the reference link |