https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Privacy Settings HAProxy's website uses cookies. By proceeding, you consent to our cookie usage. Please see our Privacy Policy and Cookie Policy for cookie usage details and instructions on how to disable cookies. Privacy and Cookie Policy More information Functional Cookies that make the website usable. [*] Analytics Help website owners understand how visitors interact with websites. [*] Ads [ ] Show details Consent date: User Unique Id: Deny Save Accept and close Watch our Webinar: How to Migrate Successfully from F5 to HAProxy * Blog * Customer Login * English * Products PRODUCTS OVERVIEW HAProxy Enterprise An enterprise-class software load balancer with cutting edge features, suite of add-ons, and support. HAProxy Edge A globally distributed application delivery network, or ADN, with turnkey services at massive scale. HAProxy ALOHA A plug-and-play hardware or virtual load balancer based on HAProxy Enterprise. HAProxy Fusion Control Plane Manage all of your HAProxy Enterprise instances from a single, graphical interface or directly through its API. HAProxy Enterprise Kubernetes Ingress Controller Route traffic into a Kubernetes cluster leveraging powerful features of HAProxy Enterprise. HAPROXY ONE An industry-first end-to-end application delivery platform designed to simplify and secure modern application architectures. Learn more about HAProxy One SUCCESS STORIES [success-st] View All Success Stories * Solutions [50f956ae1095afba6e049572244a81a] SOLUTIONS OVERVIEW Load Balancing High Availability Administration Application Acceleration Security Web Application Firewall API Gateway Kubernetes FEATURED WEBINAR [245ce465ba71ba081eaed69d69fbca2] View All Webinars * Resources DOCUMENTATION HAProxy Enterprise HAProxy ALOHA HAProxy Kubernetes Ingress Controller HAProxy Data Plane API PRODUCT OVERVIEW Community vs Enterprise Migrate from F5 Certified Integrations Datasheets LEARNING HUB Blog Webinars eBooks Content Library Knowledge Base USE CASES [20eb507f359889fb72b4abc350f07fa] Success Stories User Spotlight Series * Support EXPERT SUPPORT Support Details Professional Services Customer Support Portal COMMUNITY Community Mailing List Slack Reddit FEATURED WEBINAR [12216b7611ed8cdb016e43a206e896e] View All Webinars * Company PARTNERS Partner Program Certified Integration Program Find a Partner COMPANY About Us News Careers CONNECT WITH US Contact Us Slack Twitter Facebook LinkedIn Reddit EVENTS KubeCon + CloudNativeCon [cb960043cd79f1f197f3f5bfeb00bac] View All Events * Contact Us * Get HAProxy HAProxy Enterprise Enterprise-class features, services, and premium support. HAProxy ALOHA Virtual Load Balancer Powerful plug-and-play appliance. Perfect for every environment. HAProxy ALOHA Hardware Load Balancer Flexible and simple to use. Deploy new applications in minutes. HAProxy Community Open-source community version of HAProxy. * * + PRODUCTS HAProxy Enterprise An enterprise-class software load balancer with cutting edge features, suite of add-ons, and support. HAProxy ALOHA A plug-and-play hardware or virtual load balancer based on HAProxy Enterprise. HAProxy Enterprise Kubernetes Ingress Controller Route traffic into a Kubernetes cluster leveraging powerful features of HAProxy Enterprise. HAProxy Fusion Control Plane Manage all of your HAProxy Enterprise instances from a single, graphical interface or directly through its API. HAProxy Edge A globally distributed application delivery network, or ADN, with turnkey services at massive scale. + SOLUTIONS SOLUTIONS OVERVIEW Load Balancing High Availability Administration Application Acceleration Security Web Application Firewall API Gateway Kubernetes + Blog + RESOURCES DOCUMENTATION HAProxy Enterprise HAProxy ALOHA HAProxy Kubernetes Ingress Controller HAProxy Data Plane API PRODUCT OVERVIEW Community vs Enterprise Product Comparison Certified Integrations Datasheets LEARNING HUB Webinars eBooks Content Library Knowledge Base USE CASES [a512688747aaa96f0647e203b59d6282] Success Stories User Spotlight Series + SUPPORT Support Details Professional Services Customer Support Portal + COMPANY Partner Program Certified Integration Program Find a Partner About Us News Careers User References + Contact us + English 1. Blog 2. HAProxy Technologies 3. Blog 4. HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487) News Security Products Load Balancing / Routing HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487) October 10th, 2023 1 min read [0b18] Nick Ramirez HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487) The vulnerability CVE-2023-44487 found in the HTTP/2 protocol could allow a denial of service attack against web servers, reverse proxies, or other software processing HTTP/2 traffic. We are following the developments of this situation, but have concluded that our products are not affected. Specifically, our products are safeguarded by code developed in HAProxy 1.9, released in 2018. This applies to HAProxy, HAProxy Enterprise, HAProxy Kubernetes Ingress Controller, and HAProxy ALOHA. After rigorous testing, we have been able to confirm that our implementation of the HTTP/2 protocol can handle the Rapid Reset Attack without increasing the resource usage or compromising the parallelism of the protocol. We will continue to test and monitor, but the supported versions of our products are not vulnerable to the known attack vectors. We will update this blog post with further news as it develops. Our customers can rest assured that we always develop our products with resource optimization in mind, which in this case explains why we are unaffected by the CPU issues. Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts. Subscribe to our blog Blog Share * HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487) Tags: CVE , vulnerability , DOS , HAProxy , HAProxy Enterprise , Ingress Controller , ALOHA , Security Authors [375a45261d5269a2b] Nick Ramirez Nick creates technical content for HAProxy Technologies ranging from documentation and blog posts to Wikipedia articles, GitHub READMEs and Stack Overflow answers. With a background in web development and DevOps, he has fun digging into product features and discovering the optimal path for a new blog tutorial. Twitter LinkedIn GitHub Related Posts Your Comprehensive Guide to HAProxy Protocol Support September 18th, 2023 Your Comprehensive Guide to HAProxy Protocol Support Modern load balancers need broad internet protocol support. We'll outline HAProxy's product-specific protocol support, highlight core features, and share handy use cases. HAProxy's Growth Continues with Rave Reviews and Powerful Capabilities October 10th, 2023 HAProxy's Growth Continues with Rave Reviews and Powerful Capabilities The G2 Fall 2023 Reports are in! HAProxy's acclaim across multiple categories, market levels, and global segments has risen. Here's what users are saying about their HAProxy use cases. August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed August 30th, 2023 August 2023 - CVE-2023-40225: Empty content-length header vulnerability fixed HAProxy Technologies released new versions of its products to fix the vulnerability CVE-2023-40225. Learn more here. Should You Reload or Restart HAProxy? September 7th, 2023 Should You Reload or Restart HAProxy? For both newcomers and veterans alike, understanding when to reload or restart HAProxy is key. Learn which option is best in common troubleshooting situations. Please enable JavaScript to view the comments powered by Disqus. Contents [c03cd61e23] Stay in the loop Get some knowledge delivered to your inbox. [ ] Subscribe [*] Also subscribe to our newsletter [ ] I agree to receive other communications from HAProxy Technologies. Thank you for subscribing! haproxy-logo +1 (844) 222-4340 contact@haproxy.com Connect With Us Products * HAProxy Enterprise * HAProxy Enterprise Kubernetes Ingress Controller * HAProxy ALOHA * HAProxy Edge * HAProxy Fusion Control Plane * HAProxy One Solutions * Load Balancing * High Availability * Administration * Application Acceleration * Security * Web Application Firewall * API Gateway * Kubernetes Resources * HAProxy Enterprise Documentation * HAProxy ALOHA Documentation * HAProxy Kubernetes Ingress Controller Documentation * Community vs Enterprise * Product Comparison * Certified Integrations * User Spotlight Series * Content Library * Knowledge Base * Blog * Success Stories Support * Customer Support Portal * Support Options * Professional Services * Community Mailing List Company * About Us * Contact Us * Events * Careers * User References * News Partners * Partner Program * Certified Integration Program * Find a Partner * Partner Deal Registration (c) 2023 HAProxy Technologies, LLC. All Rights Reserved Trademark | Privacy | DMCA Policy | Subpoena Response Policy | Acceptable Use Policy (AUP) | Do Not Sell My Personal Information Sitemap Manage Cookie Preferences