Published: 30/06/2016 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

HAproxy 1.6.x prior to 1.6.6, when a deny comes from a reqdeny rule, allows remote malicious users to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 16.04
haproxy haproxy 1.6.5
haproxy haproxy 1.6.0
haproxy haproxy 1.6.3
haproxy haproxy 1.6.2
haproxy haproxy 1.6.1
haproxy haproxy 1.6.4

Debian Bug report logs - #826869 haproxy: CVE-2016-5360: remote denial of service via reqdeny Package: src:haproxy; Maintainer for src:haproxy is Debian HAProxy Maintainers <haproxy@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 9 Jun 2016 16:27:02 UTC Severity: important Tags: ...

HAProxy could be made to crash if it received specially crafted network traffic ...

HAproxy 16x before 166, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors ...

CWE-119 http://www.openwall.com/lists/oss-security/2016/06/09/6 http://git.haproxy.org/?p=haproxy-1.6.git%3Ba=commit%3Bh=60f01f8c89e4fb2723d5a9f2046286e699567e0b http://www.ubuntu.com/usn/USN-3011-1 http://www.openwall.com/lists/oss-security/2016/06/09/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826869 https://usn.ubuntu.com/3011-1/https://nvd.nist.gov

CVE-2016-5360

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect