Lucene search

[email protected]CVE-2013-1912

HistoryApr 10, 2013 - 3:55 p.m.

CVE-2013-1912

2013-04-1015:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-1912

buffer overflow

haproxy

denial of service

remote attack

http keep-alive

tcp inspection rules

rewrite rules

crafted requests.

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.5%

JSON

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

CPENameOperatorVersion
haproxy:haproxyhaproxyeq1.5
haproxy:haproxyhaproxyeq1.4
haproxy:haproxyhaproxyeq1.4.20
haproxy:haproxyhaproxyeq1.4.22

CPE	Name	Operator	Version
haproxy:haproxy	haproxy	eq	1.5
haproxy:haproxy	haproxy	eq	1.4
haproxy:haproxy	haproxy	eq	1.4.20
haproxy:haproxy	haproxy	eq	1.4.22

References

lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html

rhn.redhat.com/errata/RHSA-2013-0729.html

rhn.redhat.com/errata/RHSA-2013-0868.html

secunia.com/advisories/52725

www.debian.org/security/2013/dsa-2711

www.openwall.com/lists/oss-security/2013/04/03/1

www.securityfocus.com/bid/58820

www.ubuntu.com/usn/USN-1800-1

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2013-1912

redhat2 nessus10 veracode1 fedora5 cvelist1 ubuntucve1 prion1 openvas15 debiancve1 centos1 securityvulns2 ubuntu1 gentoo1 debian1 osv1