Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2013:1120
HistoryJul 30, 2013 - 6:55 p.m.

haproxy security update

2013-07-3018:55:18
CentOS Project
lists.centos.org
46

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

CentOS Errata and Security Advisory CESA-2013:1120

HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy’s
configuration (“/etc/haproxy/haproxy.cfg”) had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)

Red Hat would like to thank HAProxy upstream for reporting this issue.
Upstream acknowledges David Torgerson as the original reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at
https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-July/082046.html

Affected packages:
haproxy

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1120

OSVersionArchitecturePackageVersionFilename
CentOS6i686haproxy< 1.4.22-5.el6_4haproxy-1.4.22-5.el6_4.i686.rpm
CentOS6x86_64haproxy< 1.4.22-5.el6_4haproxy-1.4.22-5.el6_4.x86_64.rpm

Related

openvas 12
nessus 12
redhat 2
ubuntucve 1
debiancve 1
securityvulns 2
amazon 1
cve 1
prion 1
ubuntu 1
veracode 1
gentoo 1
fedora 3
osv 1
debian 1
openvas
openvas
CentOS Update for haproxy CESA-2013:1120 centos6
2013-08-01 00:00:00
CentOS Update for haproxy CESA-2013:1120 centos6
2013-08-01 00:00:00
Ubuntu Update for haproxy USN-1889-1
2013-06-24 00:00:00
nessus
nessus
Fedora 19 : haproxy-1.4.24-1.fc19 (2013-11135)
2013-07-12 00:00:00
Fedora 17 : haproxy-1.4.24-1.fc17 (2013-11234)
2013-07-12 00:00:00
Amazon Linux AMI : haproxy (ALAS-2013-215)
2013-10-01 00:00:00
redhat
redhat
(RHSA-2013:1120) Moderate: haproxy security update
2013-07-30 00:00:00
(RHSA-2013:1204) Moderate: haproxy security update
2013-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2013-2175
2013-06-19 00:00:00
debiancve
debiancve
CVE-2013-2175
2013-08-19 13:07:00
securityvulns
securityvulns
[USN-1889-1] HAProxy vulnerability
2013-07-01 00:00:00
HAProxy security vulnerabilities
2013-07-01 00:00:00
amazon
amazon
Medium: haproxy
2013-08-07 21:21:00
cve
cve
CVE-2013-2175
2013-08-19 13:07:00
prion
prion
Design/Logic Flaw
2013-08-19 13:07:00
ubuntu
ubuntu
HAProxy vulnerability
2013-06-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:56:59
gentoo
gentoo
HAProxy: Multiple vulnerabilities
2013-07-11 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: haproxy-1.4.24-1.fc18
2013-06-28 06:14:36
[SECURITY] Fedora 19 Update: haproxy-1.4.24-1.fc19
2013-06-29 18:15:34
[SECURITY] Fedora 17 Update: haproxy-1.4.24-1.fc17
2013-06-28 06:16:10
osv
osv
haproxy - several
2013-06-19 00:00:00
debian
debian
[SECURITY] [DSA 2711-1] haproxy security update
2013-06-19 17:12:31

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON
Related for CESA-2013:1120
openvas12nessus12redhat2ubuntucve1debiancve1securityvulns2amazon1cve1prion1ubuntu1veracode1gentoo1fedora3osv1debian1