Cloud FoundryCFOUNDRY:BC56313E52C1D0E6E1879C8424A80C18CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%
Severity
Medium
Vendor
HAProxy
Versions Affected
- HAProxy 1.5.x
Description
It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.
Affected Products and Versions
_Severity is medium unless otherwise noted.
_
- cf-release versions prior to v252
- routing-release versions prior to v0.144.0
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 252 or later
- Consumers of standalone routing-release should upgrade to v0.144.0 or later
References
- <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281>
- <https://bosh.io/>
- <https://github.com/cloudfoundry/cf-release>
- <https://github.com/cloudfoundry-incubator/routing-release/releases>
History
2015-07-10: Notice initially published
2017-04-04: Notice updated with instructions to update cf-release and routing-release
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.2%