HAProxy 1.4 prior to 1.4.24 and 1.5 prior to 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote malicious users to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 6.0 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 13.04 |
||
redhat enterprise linux load balancer 6.4 |
||
redhat enterprise linux load balancer 6.0 |
||
haproxy haproxy 1.4.6 |
||
haproxy haproxy 1.4.8 |
||
haproxy haproxy 1.4.15 |
||
haproxy haproxy 1.4.17 |
||
haproxy haproxy 1.4 |
||
haproxy haproxy 1.4.22 |
||
haproxy haproxy 1.4.9 |
||
haproxy haproxy 1.4.10 |
||
haproxy haproxy 1.4.11 |
||
haproxy haproxy 1.4.12 |
||
haproxy haproxy 1.4.13 |
||
haproxy haproxy 1.4.1 |
||
haproxy haproxy 1.4.2 |
||
haproxy haproxy 1.4.3 |
||
haproxy haproxy 1.4.4 |
||
haproxy haproxy 1.4.18 |
||
haproxy haproxy 1.4.19 |
||
haproxy haproxy 1.4.21 |
||
haproxy haproxy 1.4.23 |
||
haproxy haproxy 1.4.0 |
||
haproxy haproxy 1.4.5 |
||
haproxy haproxy 1.4.7 |
||
haproxy haproxy 1.4.14 |
||
haproxy haproxy 1.4.16 |
||
haproxy haproxy 1.4.20 |
||
haproxy haproxy 1.5 |