DSA-4960-1 haproxy -- haproxy
ID: oval:org.secpod.oval:def:88305 | Date: (C)2023-03-28 (M)2023-03-28 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling. By carefully crafting HTTP/2 requests, it is possible to smuggle another HTTP request to the backend selected by the HTTP/2 request. With certain configurations, it allows an attacker to send an HTTP request to a backend, circumventing the backend selection logic.

Known workarounds are to disable HTTP/2 and set tune.h2.max-concurrent-streams to 0 in the global section:

    global
        tune.h2.max-concurrent-streams 0
Product: |
haproxy |
vim-haproxy |