CVE-2015-3281

Published: 06/07/2015 Updated: 26/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The buffer_slow_realign function in HAProxy 1.5.x prior to 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote malicious users to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Vulnerable Products

debian debian linux 8.0

haproxy haproxy 1.5

haproxy haproxy 1.5.0

haproxy haproxy 1.5.1

haproxy haproxy 1.5.2

haproxy haproxy 1.5.3

haproxy haproxy 1.5.10

haproxy haproxy 1.5.12

haproxy haproxy 1.5.4

haproxy haproxy 1.5.6

haproxy haproxy 1.5.11

haproxy haproxy 1.5.13

haproxy haproxy 1.5.8

haproxy haproxy 1.5.9

haproxy haproxy 1.5.7

haproxy haproxy 1.5.5

haproxy haproxy 1.6

canonical ubuntu linux 15.04

canonical ubuntu linux 14.10

opensuse openstack cloud 5

opensuse linux enterprise high availability extension 12

opensuse opensuse 13.2

redhat enterprise linux server eus 7.1

redhat enterprise linux server eus 7.2

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server eus 7.5

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Enterprise 228 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Enterprise release 228, which fixes one security issue, several bugs, and introduces feature enhancements, is now available. Red Hat Product Secu ...
HAProxy could be made to expose sensitive information over the network ...
Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session. For the stable distribution (jessie), this pro ...
An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session ...