GCVE - cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:haproxy:haproxy:2.7.0:*:*:*:*:*:*:*

part: a version: 2.7.0 update: *

Vendor	Haproxy (`bcdccbbb-bab3-5a27-b98b-5345a425d85c`)
Product	Haproxy (`0acaea08-d114-576a-98cc-ac99b15c19b7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/haproxy`	purl2cpe	2026-06-01 10:18:18.559735
`pkg:deb/ubuntu/haproxy`	purl2cpe	2026-06-01 10:18:18.559736
`pkg:docker/haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.559738
`pkg:github/haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.559739
`pkg:haproxy/haproxy`	purl2cpe	2026-06-01 10:18:18.559741
`pkg:rpm/fedora/haproxy`	purl2cpe	2026-06-01 10:18:18.559742
`pkg:rpm/opensuse/haproxy`	purl2cpe	2026-06-01 10:18:18.559744

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-25950`	vulnerable	2026-06-08 05:56:11.802211	Details available HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition. Published: 2023-04-11T00:00:00.000Z Updated: 2025-02-11T15:41:36.728Z Open on db.gcve.eu Reference links https://www.haproxy.org/ https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 https://jvn.jp/en/jp/JVN38170084/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0836`	vulnerable	2026-06-08 05:52:32.923547	Details available An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. Published: 2023-03-29T00:00:00.000Z Updated: 2025-02-18T16:42:03.756Z Open on db.gcve.eu Reference links https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a https://www.debian.org/security/2023/dsa-5388	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.