Haproxy: >> Haproxy >> 2.5 Security Vulnerabilities
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-11-28
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
CVSS Score
7.5
EPSS Score
0.927
Published
2021-09-08