CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.04 Low (Percentile: 92.0%)

CentOS Errata and Security Advisory CESA-2013:1120

HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy’s
configuration (“/etc/haproxy/haproxy.cfg”) had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)

Red Hat would like to thank HAProxy upstream for reporting this issue.
Upstream acknowledges David Torgerson as the original reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at
https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-July/082046.html
Affected packages:
haproxy
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1120
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | haproxy | < 1.4.22-5.el6_4 | haproxy-1.4.22-5.el6_4.i686.rpm |
CentOS | 6 | x86_64 | haproxy | < 1.4.22-5.el6_4 | haproxy-1.4.22-5.el6_4.x86_64.rpm |
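
The two conditions the advisory describes (a package older than the fixed build in the table above, and a configuration with rules that use hdr_ip) can be checked together. The following is an added example, not code from the advisory or from HAProxy; the function names, the simplified RPM version comparison and the sample configuration are assumptions made for illustration.

```python
import re

FIXED = "1.4.22-5.el6_4"  # fixed haproxy version-release, from the advisory table

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret handling): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def is_affected_version(version_release):
    """True when an installed haproxy version-release sorts below FIXED."""
    ver, _, rel = version_release.partition("-")
    fver, _, frel = FIXED.partition("-")
    return (rpm_cmp(ver, fver) or rpm_cmp(rel, frel)) < 0

def hdr_ip_rules(cfg_text):
    """Return (line_no, text) for active config lines that use hdr_ip.
    Simplification: everything after '#' is treated as a comment."""
    hits = []
    for n, line in enumerate(cfg_text.splitlines(), 1):
        active = line.split("#", 1)[0].strip()
        if re.search(r"\bhdr_ip\b", active):
            hits.append((n, active))
    return hits

def is_exposed(version_release, cfg_text):
    """Both advisory conditions hold: unfixed package and an hdr_ip rule."""
    return is_affected_version(version_release) and bool(hdr_ip_rules(cfg_text))

# Constructed sample haproxy.cfg fragment (not taken from the advisory)
SAMPLE_CFG = """\
frontend web
    bind *:80
    acl internal hdr_ip(X-Forwarded-For) 10.0.0.0/8
    # acl legacy hdr_ip(X-Real-IP) 192.168.0.0/16
    use_backend admin if internal
"""

if __name__ == "__main__":
    for installed in ("1.4.22-4.el6", "1.4.22-5.el6_4"):  # constructed inputs
        print(installed, is_exposed(installed, SAMPLE_CFG), hdr_ip_rules(SAMPLE_CFG))
```

On a real host the version-release string can be obtained with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' haproxy` and the configuration read from /etc/haproxy/haproxy.cfg.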