CVE-2013-1912

Published: 10/04/2013 Updated: 01/12/2013
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in HAProxy 1.4 up to and including 1.4.22 and 1.5-dev up to and including 1.5-dev17, when HTTP keep-alive is enabled, HTTP keywords are used in TCP inspection rules, and rewrite rules that append to requests are in use, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

Vulnerable Product

haproxy haproxy 1.4

haproxy haproxy 1.4.20

haproxy haproxy 1.4.22

haproxy haproxy 1.5

Vendor Advisories

Synopsis: Moderate: haproxy security update. Type/Severity: Security Advisory: Moderate. Topic: An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vuln ...
HAProxy could be made to crash or run programs if it received specially crafted network traffic ...
Debian Bug report logs - #674447 CVE-2012-2942. Package: haproxy; Maintainer for haproxy is Debian HAProxy Maintainers <haproxy@tracker.debian.org>; Source for haproxy is src:haproxy (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Thu, 24 May 2012 18:09:01 UTC. Severity: grave. Tags: patch, ...
Debian Bug report logs - #704611 haproxy: CVE-2013-1912: crash on TCP content inspection rules. Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 3 Apr 2013 14:54:02 UTC. Severity: important. Tags ...
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942: Buffer overflow in the header capture code. CVE-2013-1912: Buffer overflow in the HTTP keepalive code. CVE-2013-2175: Denial of service in parsing HTTP headers. For the oldstable distribution (squeeze), these problems have been fixed in ve ...
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that append to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that ...