what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2013-2175

Status Candidate

Overview

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Related Files

Red Hat Security Advisory 2013-1204-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1204-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A flaw was found in the way HAProxy handled requests when the proxy's configuration had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration. In Red Hat OpenShift Enterprise, the HAProxy cartridge is added to your application when you select to have your application scaled.

tags | advisory, remote, web, tcp
systems | linux, redhat
advisories | CVE-2013-2175
MD5 | 483a955d8dcdff9c261393e3cdb6756e
Red Hat Security Advisory 2013-1120-01
Posted Jul 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1120-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A flaw was found in the way HAProxy handled requests when the proxy's configuration had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration.

tags | advisory, remote, web, tcp
systems | linux, redhat
advisories | CVE-2013-2175
MD5 | 56a7e5820e6894300510e932df76538f
Gentoo Linux Security Advisory 201307-01
Posted Jul 12, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201307-1 - Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.4.24 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1912, CVE-2013-2175
MD5 | 7e612a76f3745b5887e75bff48c4aa61
Ubuntu Security Notice USN-1889-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2175
MD5 | df6265e329951353a63e17800373ccb5
Debian Security Advisory 2711-1
Posted Jun 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2711-1 - Multiple security issues have been found in HAProxy, a load-balancing reverse proxy.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2942, CVE-2013-1912, CVE-2013-2175
MD5 | df661b39009cf0bf1c1ed82639ed41b4
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close