HAProxy Enterprise WAF protects against Microsoft SharePoint CVE-2025-53770 / CVE-2025-53771
CVE-2025-53770 and CVE-2025-53771 are currently being exploited in the wild. However, users of HAProxy Enterprise WAF are protected automatically.
Articles tagged as
Vulnerability
January 2025 – Multiple rsync CVEs impacting memory and file handling in Linux virtual images
The latest versions of HAProxy Fusion fix multiple rsync vulnerabilities related to memory handling and file management in HAProxy Fusion’s Linux-based virtual images. We will cover these CVEs here.
September 2024 – CVE-2024-45506: endless loop in HTTP/2 with zero-copy forwarding in HAProxy
The latest versions of our products fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system in HAProxy, HAProxy Enterprise...
July 2024 – CVE-2024-24791: HTTP/1.1 response code mishandling in golang products
The latest versions of our products fix a vulnerability related to HTTP/1.1 response code mishandling in products written in golang.
July 2024 – CVE-2024-6387: RCE in OpenSSH server
The latest versions of our products fix a vulnerability related to OpenSSH’s server (sshd), which is used in the public/private cloud images of HAProxy Enterprise...
HAProxy is Resilient to the HTTP/2 CONTINUATION Flood
Our implementation of the HTTP/2 protocol can effectively handle the CONTINUATION Flood.
December 2023 - CVE-2023-45539: HAProxy Accepts # as Part of the URI Component Fixed
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
CVE-2023-44487 found in the HTTP/2 protocol could allow a DoS attack against web servers, reverse proxies, or other software. HAProxy products are unaffected, but we're monitoring the situation.
August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed
HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here.
February 2023 – CVE-2023-25725: Header Parser Fixed
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you
