HAProxy is Resilient to the HTTP/2 CONTINUATION Flood
Our implementation of the HTTP/2 protocol can effectively handle the CONTINUATION Flood.
Articles tagged as
CVE
December 2023 - CVE-2023-45539: HAProxy Accepts # as Part of the URI Component Fixed
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
CVE-2023-44487 found in the HTTP/2 protocol could allow a DoS attack against web servers, reverse proxies, or other software. HAProxy products are unaffected, but we're monitoring the situation.
August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed
HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here.
February 2023 – CVE-2023-25725: Header Parser Fixed
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you
April/2022 – CVE-2022-22965: Spring4Shell Remote Code Execution Mitigation
Remote Code Execution vulnerability was discovered in the Java Spring Core library. This allows attackers to execute arbitrary code on affected systems.
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
Vulnerability which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems.
September/2021–CVE-2021-40346: Duplicate ‘Content-Length’ Header Fixed
If you use HAProxy 2.0 or up, you must update to the latest version. A vulnerability was found that makes it possible for an attacker to...
Previous
Next
Showing 1 of 1 Pages