
CVE-2013-2175

Published: 19/08/2013 Updated: 07/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

HAProxy 1.4 prior to 1.4.24 and 1.5 prior to 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote malicious users to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Vulnerable Product

debian debian linux 6.0

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 13.04

redhat enterprise linux load balancer 6.4

redhat enterprise linux load balancer 6.0

haproxy haproxy 1.4.6

haproxy haproxy 1.4.8

haproxy haproxy 1.4.15

haproxy haproxy 1.4.17

haproxy haproxy 1.4

haproxy haproxy 1.4.22

haproxy haproxy 1.4.9

haproxy haproxy 1.4.10

haproxy haproxy 1.4.11

haproxy haproxy 1.4.12

haproxy haproxy 1.4.13

haproxy haproxy 1.4.1

haproxy haproxy 1.4.2

haproxy haproxy 1.4.3

haproxy haproxy 1.4.4

haproxy haproxy 1.4.18

haproxy haproxy 1.4.19

haproxy haproxy 1.4.21

haproxy haproxy 1.4.23

haproxy haproxy 1.4.0

haproxy haproxy 1.4.5

haproxy haproxy 1.4.7

haproxy haproxy 1.4.14

haproxy haproxy 1.4.16

haproxy haproxy 1.4.20

haproxy haproxy 1.5

Vendor Advisories

Synopsis: Moderate: haproxy security update. Type/Severity: Security Advisory: Moderate. Topic: An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 122. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vuln ...
Debian Bug report logs - #704611 haproxy: CVE-2013-1912: crash on TCP content inspection rules Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 3 Apr 2013 14:54:02 UTC Severity: important Tags ...
HAProxy could be made to crash if it received specially crafted network traffic ...
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942: Buffer overflow in the header capture code; CVE-2013-1912: Buffer overflow in the HTTP keepalive code; CVE-2013-2175: Denial of service in parsing HTTP headers. For the oldstable distribution (squeeze), these problems have been fixed in ve ...
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable ...