Knowledge Base | Security

April/2022 – CVE-2022-22965: Spring4Shell Remote Code Execution Mitigation
Recently, a Remote Code Execution vulnerability was discovered in the Java Spring Core library. This vulnerability allows attackers to execute arbitrary code on affected systems. You can find more information on that vulnerability in the announcement on the Spring...

December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on...

Rate Limiting with the HAProxy Kubernetes Ingress Controller
Add IP-by-IP rate limiting to the HAProxy Kubernetes Ingress Controller. DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent...

September/2021 – CVE-2021-40346: Duplicate ‘Content-Length’ Header Fixed
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible for an attacker to bypass the check for a duplicate HTTP Content-Length header, permitting a request smuggling attack or a...

August/2021 – HAProxy 2.0+ HTTP/2 Vulnerabilities Fixed
A vulnerability was found that makes it possible to abuse the HTTP/2 parser, allowing an attacker to prepend hostnames to a request, append top-level domains to an existing domain, and inject invalid characters through the :method pseudo-header.

[On-Demand Webinar] Multilayered Security with HAProxy Enterprise
Did you know that an HAProxy Enterprise load balancer can protect your applications from common threats? In this webinar, we'll give you an overview of the multilayered security solution provided by HAProxy Enterprise. We will cover how to: use the HAProxy...

[On-Demand Webinar] HAProxy and the Financial Information eXchange (FIX) Protocol
If you prefer to join the French version of the webinar on May 25th, register here. HAProxy 2.4 and HAProxy Enterprise 2.3 add support for the Financial Information eXchange (FIX) protocol. Financial organizations around the world use FIX as a shared vocabulary for...

Using HAProxy as an API Gateway, Part 6 [Security]
HAProxy acts as an API gateway in front of your application servers, providing cross-cutting security. Using HAProxy as an API Gateway, Part 1 [Introduction] Using HAProxy as an API Gateway, Part 2 [Authentication] Using HAProxy as an API Gateway, Part 3...

Using HAProxy as an API Gateway, Part 5 [Monetization]
Use HAProxy as an API gateway to enable API monetization. Using HAProxy as an API Gateway, Part 1 [Introduction] Using HAProxy as an API Gateway, Part 2 [Authentication] Using HAProxy as an API Gateway, Part 3 [Health Checks] Using HAProxy as an API Gateway, Part 4...

The HAProxy Enterprise WAF
The HAProxy Enterprise WAF with support for ModSecurity rulesets protects your web applications from sophisticated, Layer 7 threats left unhandled by network firewalls. Data breaches. Loss of consumer confidence. An endless cycle of companies being compromised....