5.1
CVSSv2

CVE-2013-1912

Published: 10/04/2013 Updated: 01/12/2013
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in HAProxy 1.4 up to and including 1.4.22 and 1.5-dev up to and including 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

haproxy haproxy 1.4

haproxy haproxy 1.4.20

haproxy haproxy 1.4.22

haproxy haproxy 1.5

Vendor Advisories

Synopsis Moderate: haproxy security update Type/Severity Security Advisory: Moderate Topic An updated haproxy package that fixes one security issue is now availablefor Red Hat OpenShift Enterprise 113The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vuln ...
HAProxy could be made to crash or run programs if it received specially crafted network traffic ...
Debian Bug report logs - #674447 CVE-2012-2942 Package: haproxy; Maintainer for haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Source for haproxy is src:haproxy (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 24 May 2012 18:09:01 UTC Severity: grave Tags: patch, ...
Debian Bug report logs - #704611 haproxy: CVE-2013-1912: crash on TCP content inspection rules Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Apr 2013 14:54:02 UTC Severity: important Tags ...
Buffer overflow in HAProxy 14 through 1422 and 15-dev through 15-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that ...
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code CVE-2013-1912 Buffer overflow in the HTTP keepalive code CVE-2013-2175 Denial of service in parsing HTTP headers For the oldstable distribution (squeeze), these problems have been fixed in ve ...