CVE-2013-2175

Published: 19/08/2013 Updated: 07/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

HAProxy 1.4 prior to 1.4.24 and 1.5 prior to 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote malicious users to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Vulnerable Products

debian debian linux 6.0

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 13.04

redhat enterprise linux load balancer 6.4

redhat enterprise linux load balancer 6.0

haproxy haproxy 1.4.6

haproxy haproxy 1.4.8

haproxy haproxy 1.4.15

haproxy haproxy 1.4.17

haproxy haproxy 1.4

haproxy haproxy 1.4.22

haproxy haproxy 1.4.9

haproxy haproxy 1.4.10

haproxy haproxy 1.4.11

haproxy haproxy 1.4.12

haproxy haproxy 1.4.13

haproxy haproxy 1.4.18

haproxy haproxy 1.4.5

haproxy haproxy 1.4.1

haproxy haproxy 1.4.7

haproxy haproxy 1.4.21

haproxy haproxy 1.4.4

haproxy haproxy 1.4.19

haproxy haproxy 1.4.2

haproxy haproxy 1.4.20

haproxy haproxy 1.4.23

haproxy haproxy 1.4.16

haproxy haproxy 1.4.14

haproxy haproxy 1.4.0

haproxy haproxy 1.4.3

haproxy haproxy 1.5

Vendor Advisories

Synopsis: Moderate: haproxy security update. Type/Severity: Security Advisory: Moderate. Topic: An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 122. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vuln ...
HAProxy could be made to crash if it received specially crafted network traffic ...
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable ...
Debian Bug report logs - #704611: haproxy: CVE-2013-1912: crash on TCP content inspection rules. Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 3 Apr 2013 14:54:02 UTC; Severity: important; Tags ...
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942: Buffer overflow in the header capture code; CVE-2013-1912: Buffer overflow in the HTTP keepalive code; CVE-2013-2175: Denial of service in parsing HTTP headers. For the oldstable distribution (squeeze), these problems have been fixed in ve ...