{"id": "OPENVAS:1361412562310703301", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "published": "2015-07-05T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703301", "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2015/dsa-3301.html"], "cvelist": ["CVE-2015-3281"], "type": "openvas", "lastseen": "2019-05-29T18:36:03", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-3281"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a08e7dbec148251a2af98dbba362c248f1b2270ad4496524a4c769a0d78560b4", "hashmap": [{"hash": "195d27a367a069295c0ac1f3ae9dce8f", "key": "published"}, {"hash": "0942b635b7ce599a9363bcf17fd9730d", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "ee85aaaabb37310e7625fea650c17a86", "key": "href"}, {"hash": "db4904baac3c68ad2f49375ef43e110d", "key": "description"}, {"hash": "667ec0ac06fc497b912ccbaba2e5f6f6", "key": "pluginID"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f70f529c0cf8504ed0563786244f96e5", "key": "sourceData"}, {"hash": "fd6bb9f1e237f18e5debe665e1794afd", "key": "references"}, {"hash": "446eff2784a954e9babe1d6bc654f1c0", "key": "cvelist"}, {"hash": "eb4cc244f9afb251304d4fc4d5cc4d54", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703301", "id": "OPENVAS:1361412562310703301", "lastseen": "2018-04-06T11:25:54", "modified": "2018-04-06T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310703301", "published": "2015-07-05T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3301.html"], "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703301\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3301.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"haproxy on Debian Linux\");\n script_tag(name: \"insight\", value: \"HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high\navailability environments. It features connection persistence through HTTP\ncookies, load balancing, header addition, modification, deletion both ways. It\nhas request blocking capabilities and provides interface to display server\nstatus.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name: \"summary\", value: \"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:25:54"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-3281"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "3852581fdc477c60a4b43b6aba2b90e2b1c7962c5cd65a3bcc7b8f7ae718dc51", "hashmap": [{"hash": "195d27a367a069295c0ac1f3ae9dce8f", "key": "published"}, {"hash": "0942b635b7ce599a9363bcf17fd9730d", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "ee85aaaabb37310e7625fea650c17a86", "key": "href"}, {"hash": "db4904baac3c68ad2f49375ef43e110d", "key": "description"}, {"hash": "667ec0ac06fc497b912ccbaba2e5f6f6", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f70f529c0cf8504ed0563786244f96e5", "key": "sourceData"}, {"hash": "fd6bb9f1e237f18e5debe665e1794afd", "key": "references"}, {"hash": "446eff2784a954e9babe1d6bc654f1c0", "key": "cvelist"}, {"hash": "eb4cc244f9afb251304d4fc4d5cc4d54", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703301", "id": "OPENVAS:1361412562310703301", "lastseen": "2018-08-30T19:21:54", "modified": "2018-04-06T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310703301", "published": "2015-07-05T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3301.html"], "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703301\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3301.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"haproxy on Debian Linux\");\n script_tag(name: \"insight\", value: \"HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high\navailability environments. It features connection persistence through HTTP\ncookies, load balancing, header addition, modification, deletion both ways. It\nhas request blocking capabilities and provides interface to display server\nstatus.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name: \"summary\", value: \"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:21:54"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-3281"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-09-01T23:49:37", "references": [{"idList": ["RHSA-2015:2666", "RHSA-2015:1741"], "type": "redhat"}, {"idList": ["CVE-2015-3281"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:14578", "SECURITYVULNS:DOC:32312"], "type": "securityvulns"}, {"idList": ["CBFA8BD7-24B6-11E5-86FF-14DAE9D210B8"], "type": "freebsd"}, {"idList": ["CFOUNDRY:BC56313E52C1D0E6E1879C8424A80C18"], "type": "cloudfoundry"}, {"idList": ["USN-2668-1"], "type": "ubuntu"}, {"idList": ["ASA-201507-3"], "type": "archlinux"}, {"idList": ["OPENSUSE-SU-2015:1831-1", "SUSE-SU-2015:1663-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3301-1:D6C4A"], "type": "debian"}, {"idList": ["FEDORA_2015-11255.NASL", "FEDORA_2015-11267.NASL", "DEBIAN_DSA-3301.NASL", "UBUNTU_USN-2668-1.NASL", "CENTOS_RHSA-2015-1741.NASL", "ORACLELINUX_ELSA-2015-1741.NASL", "OPENSUSE-2015-682.NASL", "REDHAT-RHSA-2015-2666.NASL", "FREEBSD_PKG_CBFA8BD724B611E586FF14DAE9D210B8.NASL", "REDHAT-RHSA-2015-1741.NASL"], "type": "nessus"}, {"idList": ["ELSA-2015-1741"], "type": "oraclelinux"}, {"idList": ["CESA-2015:1741"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310123008", "OPENVAS:1361412562310851120", "OPENVAS:1361412562310871450", "OPENVAS:1361412562310842267", "OPENVAS:703301", "OPENVAS:1361412562310869820", "OPENVAS:1361412562310869804", "OPENVAS:1361412562310882282", "OPENVAS:1361412562310882283"], "type": "openvas"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "a08e7dbec148251a2af98dbba362c248f1b2270ad4496524a4c769a0d78560b4", "hashmap": [{"hash": "195d27a367a069295c0ac1f3ae9dce8f", "key": "published"}, {"hash": "0942b635b7ce599a9363bcf17fd9730d", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "ee85aaaabb37310e7625fea650c17a86", "key": "href"}, {"hash": "db4904baac3c68ad2f49375ef43e110d", "key": "description"}, {"hash": "667ec0ac06fc497b912ccbaba2e5f6f6", "key": "pluginID"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f70f529c0cf8504ed0563786244f96e5", "key": "sourceData"}, {"hash": "fd6bb9f1e237f18e5debe665e1794afd", "key": "references"}, {"hash": "446eff2784a954e9babe1d6bc654f1c0", "key": "cvelist"}, {"hash": "eb4cc244f9afb251304d4fc4d5cc4d54", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703301", "id": "OPENVAS:1361412562310703301", "lastseen": "2018-09-01T23:49:37", "modified": "2018-04-06T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310703301", "published": "2015-07-05T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3301.html"], "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703301\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3301.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"haproxy on Debian Linux\");\n script_tag(name: \"insight\", value: \"HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high\navailability environments. It features connection persistence through HTTP\ncookies, load balancing, header addition, modification, deletion both ways. It\nhas request blocking capabilities and provides interface to display server\nstatus.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name: \"summary\", value: \"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:49:37"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-3281"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-03-19T12:34:54", "references": [{"idList": ["RHSA-2015:2666", "RHSA-2015:1741"], "type": "redhat"}, {"idList": ["CVE-2015-3281"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:14578", "SECURITYVULNS:DOC:32312"], "type": "securityvulns"}, {"idList": ["CBFA8BD7-24B6-11E5-86FF-14DAE9D210B8"], "type": "freebsd"}, {"idList": ["CFOUNDRY:BC56313E52C1D0E6E1879C8424A80C18"], "type": "cloudfoundry"}, {"idList": ["USN-2668-1"], "type": "ubuntu"}, {"idList": ["ASA-201507-3"], "type": "archlinux"}, {"idList": ["OPENSUSE-SU-2015:1831-1", "SUSE-SU-2015:1663-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3301-1:D6C4A"], "type": "debian"}, {"idList": ["FEDORA_2015-11255.NASL", "FEDORA_2015-11267.NASL", "DEBIAN_DSA-3301.NASL", "SL_20150908_HAPROXY_ON_SL6_X.NASL", "UBUNTU_USN-2668-1.NASL", "CENTOS_RHSA-2015-1741.NASL", "ORACLELINUX_ELSA-2015-1741.NASL", "REDHAT-RHSA-2015-2666.NASL", "FREEBSD_PKG_CBFA8BD724B611E586FF14DAE9D210B8.NASL", "REDHAT-RHSA-2015-1741.NASL"], "type": "nessus"}, {"idList": ["ELSA-2015-1741"], "type": "oraclelinux"}, {"idList": ["CESA-2015:1741"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310123008", "OPENVAS:1361412562310851120", "OPENVAS:1361412562310871450", "OPENVAS:1361412562310842267", "OPENVAS:703301", "OPENVAS:1361412562310869820", "OPENVAS:1361412562310869804", "OPENVAS:1361412562310882282", "OPENVAS:1361412562310882283"], "type": "openvas"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "6b034cb55e3cf11a82765368289f5688058384d094b1285c0b02cfc82e9780dd", "hashmap": [{"hash": "195d27a367a069295c0ac1f3ae9dce8f", "key": "published"}, {"hash": "0942b635b7ce599a9363bcf17fd9730d", "key": "reporter"}, {"hash": "ee85aaaabb37310e7625fea650c17a86", "key": "href"}, {"hash": "db4904baac3c68ad2f49375ef43e110d", "key": "description"}, {"hash": "a94d4a81a5b8c674078e95ae39805d92", "key": "sourceData"}, {"hash": "667ec0ac06fc497b912ccbaba2e5f6f6", "key": "pluginID"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "ff1b2ce4fa539c93aaea30a825c0255c", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "fd6bb9f1e237f18e5debe665e1794afd", "key": "references"}, {"hash": "446eff2784a954e9babe1d6bc654f1c0", "key": "cvelist"}, {"hash": "eb4cc244f9afb251304d4fc4d5cc4d54", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703301", "id": "OPENVAS:1361412562310703301", "lastseen": "2019-03-19T12:34:54", "modified": "2019-03-18T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310703301", "published": "2015-07-05T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3301.html"], "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703301\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3301.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"haproxy on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name:\"summary\", value:\"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-03-19T12:34:54"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "446eff2784a954e9babe1d6bc654f1c0"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "description", "hash": "db4904baac3c68ad2f49375ef43e110d"}, {"key": "href", "hash": "ee85aaaabb37310e7625fea650c17a86"}, {"key": "modified", "hash": "ff1b2ce4fa539c93aaea30a825c0255c"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "667ec0ac06fc497b912ccbaba2e5f6f6"}, {"key": "published", "hash": "195d27a367a069295c0ac1f3ae9dce8f"}, {"key": "references", "hash": "fd6bb9f1e237f18e5debe665e1794afd"}, {"key": "reporter", "hash": "0942b635b7ce599a9363bcf17fd9730d"}, {"key": "sourceData", "hash": "a94d4a81a5b8c674078e95ae39805d92"}, {"key": "title", "hash": "eb4cc244f9afb251304d4fc4d5cc4d54"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "884e0e8f94d1b58a465f4f079aadac3233c8c80c50b7d54a415ee8c5b19eabdf", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-3281"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:BC56313E52C1D0E6E1879C8424A80C18"]}, {"type": "nessus", "idList": ["FEDORA_2015-11255.NASL", "FREEBSD_PKG_CBFA8BD724B611E586FF14DAE9D210B8.NASL", "DEBIAN_DSA-3301.NASL", "FEDORA_2015-11267.NASL", "UBUNTU_USN-2668-1.NASL", "OPENSUSE-2015-682.NASL", "CENTOS_RHSA-2015-1741.NASL", "SL_20150908_HAPROXY_ON_SL6_X.NASL", "REDHAT-RHSA-2015-1741.NASL", "REDHAT-RHSA-2015-2666.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851120", "OPENVAS:1361412562310871450", "OPENVAS:1361412562310123008", "OPENVAS:1361412562310882282", "OPENVAS:1361412562310842267", "OPENVAS:1361412562310869804", "OPENVAS:703301", "OPENVAS:1361412562310869820", "OPENVAS:1361412562310882283"]}, {"type": "redhat", "idList": ["RHSA-2015:1741", "RHSA-2015:2666"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32312", "SECURITYVULNS:VULN:14578"]}, {"type": "centos", "idList": ["CESA-2015:1741"]}, {"type": "ubuntu", "idList": ["USN-2668-1"]}, {"type": "archlinux", "idList": ["ASA-201507-3"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1741"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3301-1:D6C4A"]}, {"type": "freebsd", "idList": ["CBFA8BD7-24B6-11E5-86FF-14DAE9D210B8"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1831-1", "SUSE-SU-2015:1663-1"]}], "modified": "2019-05-29T18:36:03"}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T18:36:03"}, "vulnersScore": 6.3}, "objectVersion": "1.3", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703301\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3301.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"haproxy on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name:\"summary\", value:\"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks", "pluginID": "1361412562310703301", "scheme": null}

{"cve": [{"lastseen": "2019-07-04T11:36:44", "bulletinFamily": "NVD", "description": "The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.", "modified": "2019-06-26T13:49:00", "id": "CVE-2015-3281", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281", "published": "2015-07-06T15:59:00", "title": "CVE-2015-3281", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nHAProxy\n\n# Versions Affected\n\n * HAProxy 1.5.x\n\n# Description\n\nIt was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * cf-release versions prior to v252\n * routing-release versions prior to v0.144.0\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 252 or later\n * Consumers of standalone routing-release should upgrade to v0.144.0 or later\n\n# References\n\n * <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281>\n * <https://bosh.io/>\n * <https://github.com/cloudfoundry/cf-release>\n * <https://github.com/cloudfoundry-incubator/routing-release/releases>\n\n# History\n\n2015-07-10: Notice initially published\n\n2017-04-04: Notice updated with instructions to update cf-release and routing-release\n", "modified": "2017-04-04T00:00:00", "published": "2017-04-04T00:00:00", "id": "CFOUNDRY:BC56313E52C1D0E6E1879C8424A80C18", "href": "https://www.cloudfoundry.org/blog/cve-2015-3281/", "title": "CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:25:14", "bulletinFamily": "scanner", "description": "An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nHAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.\n\nAn implementation error related to the memory management of requests and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. (CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1741.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86509", "published": "2015-10-22T00:00:00", "title": "CentOS 6 / 7 : haproxy (CESA-2015:1741)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1741 and \n# CentOS Errata and Security Advisory 2015:1741 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86509);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"RHSA\", value:\"2015:1741\");\n\n script_name(english:\"CentOS 6 / 7 : haproxy (CESA-2015:1741)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated haproxy package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nHAProxy provides high availability, load balancing, and proxying for\nTCP and HTTP-based applications.\n\nAn implementation error related to the memory management of requests\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated remote attacker could possibly use this\nflaw to leak certain memory buffer contents from a past request or\nsession. (CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-September/021376.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dab7cb4a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-September/021378.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3d952da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"haproxy-1.5.4-2.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"haproxy-1.5.4-4.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:25:18", "bulletinFamily": "scanner", "description": "haproxy was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-3281: The buffer_slow_realign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request (bsc#937042).\n\n - Changed DH parameters to prevent Logjam attack.\n\nThese non-security issues were fixed :\n\n - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data\n\n - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id\n\n - MEDIUM: ssl: replace standards DH groups with custom ones\n\n - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten\n\n - MINOR: ssl: add a destructor to free allocated SSL ressources\n\n - BUG/MINOR: ssl: Display correct filename in error message\n\n - MINOR: ssl: load certificates in alphabetical order\n\n - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks\n\n - BUG/MEDIUM: ssl: force a full GC in case of memory shortage\n\n - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.\n\n - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates\n\n - MINOR: ssl: add statement to force some ssl options in global.\n\n - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs", "modified": "2015-10-28T00:00:00", "id": "OPENSUSE-2015-682.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86623", "published": "2015-10-28T00:00:00", "title": "openSUSE Security Update : haproxy (openSUSE-2015-682)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-682.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86623);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/10/28 14:11:11 $\");\n\n script_cve_id(\"CVE-2015-3281\");\n\n script_name(english:\"openSUSE Security Update : haproxy (openSUSE-2015-682)\");\n script_summary(english:\"Check for the openSUSE-2015-682 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"haproxy was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-3281: The buffer_slow_realign function in\n HAProxy did not properly realign a buffer that is used\n for pending outgoing data, which allowed remote\n attackers to obtain sensitive information (uninitialized\n memory contents of previous requests) via a crafted\n request (bsc#937042).\n\n - Changed DH parameters to prevent Logjam attack.\n\nThese non-security issues were fixed :\n\n - BUG/MAJOR: buffers: make the buffer_slow_realign()\n function respect output data\n\n - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id\n\n - MEDIUM: ssl: replace standards DH groups with custom\n ones\n\n - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value\n being overwritten\n\n - MINOR: ssl: add a destructor to free allocated SSL\n ressources\n\n - BUG/MINOR: ssl: Display correct filename in error\n message\n\n - MINOR: ssl: load certificates in alphabetical order\n\n - BUG/MEDIUM: checks: fix conflicts between agent checks\n and ssl healthchecks\n\n - BUG/MEDIUM: ssl: force a full GC in case of memory\n shortage\n\n - BUG/MEDIUM: ssl: fix bad ssl context init can cause\n segfault in case of OOM.\n\n - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid\n certificates\n\n - MINOR: ssl: add statement to force some ssl options in\n global.\n\n - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to\n return DER formatted certs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937202\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"haproxy-1.5.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"haproxy-debuginfo-1.5.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"haproxy-debugsource-1.5.5-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy / haproxy-debuginfo / haproxy-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:25:04", "bulletinFamily": "scanner", "description": "An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.\n\nAn implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated, remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. (CVE-2015-3281)\n\nNote that, according to CVE-2015-3281, this issue only exists in HAProxy version 1.5.x prior to 1.5.14. All HAProxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "modified": "2018-07-26T00:00:00", "id": "REDHAT-RHSA-2015-1741.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85977", "published": "2015-09-17T00:00:00", "title": "RHEL 6 / 7 : haproxy 1.5 (RHSA-2015:1741)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# adapted from Red Hat Security Advisory RHSA-2015:1741. That text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85977);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/26 18:45:30\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_bugtraq_id(75554);\n script_xref(name:\"RHSA\", value:\"2015:1741\");\n\n script_name(english:\"RHEL 6 / 7 : haproxy 1.5 (RHSA-2015:1741)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An updated haproxy package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6 and 7. HAProxy provides high\navailability, load balancing, and proxying for TCP and HTTP-based\napplications.\n\nAn implementation error related to the memory management of request\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated, remote attacker could possibly use this\nflaw to leak certain memory buffer contents from a past request or\nsession. (CVE-2015-3281)\n\nNote that, according to CVE-2015-3281, this issue only exists in\nHAProxy version 1.5.x prior to 1.5.14. All HAProxy users are advised\nto upgrade to this updated package, which contains a backported patch\nto correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2015-3281.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2015-1741.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected haproxy and / or haproxy-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"RHEL6\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"haproxy-1.5.4-2.el6_7.1\")) flag++;\nif (rpm_exists(release:\"RHEL6\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"haproxy-1.5.4-2.el6_7.1\")) flag++;\nif (rpm_exists(release:\"RHEL6\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"haproxy-debuginfo-1.5.4-2.el6_7.1\")) flag++;\nif (rpm_exists(release:\"RHEL6\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"haproxy-debuginfo-1.5.4-2.el6_7.1\")) flag++;\n\nif (rpm_exists(release:\"RHEL7\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"haproxy-1.5.4-4.el7_1.1\")) flag++;\nif (rpm_exists(release:\"RHEL7\", rpm:\"haproxy-1.5\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"haproxy-debuginfo-1.5.4-4.el7_1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy 1.5 / haproxy-debuginfo 1.5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:25:02", "bulletinFamily": "scanner", "description": "An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. (CVE-2015-3281)", "modified": "2018-12-28T00:00:00", "id": "SL_20150908_HAPROXY_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85866", "published": "2015-09-09T00:00:00", "title": "Scientific Linux Security Update : haproxy on SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85866);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-3281\");\n\n script_name(english:\"Scientific Linux Security Update : haproxy on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An implementation error related to the memory management of request\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated remote attacker could possibly use this\nflaw to leak certain memory buffer contents from a past request or\nsession. (CVE-2015-3281)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1509&L=scientific-linux-errata&F=&S=&P=10281\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8397169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy and / or haproxy-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"haproxy-1.5.4-2.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"haproxy-debuginfo-1.5.4-2.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"haproxy-1.5.4-4.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"haproxy-debuginfo-1.5.4-4.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:25:02", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1741 :\n\nAn updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.\n\nAn implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated, remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. (CVE-2015-3281)\n\nNote that, according to CVE-2015-3281, this issue only exists in HAProxy version 1.5.x prior to 1.5.14. All HAProxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "modified": "2018-12-20T00:00:00", "id": "ORACLELINUX_ELSA-2015-1741.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85864", "published": "2015-09-09T00:00:00", "title": "Oracle Linux 7 : haproxy (ELSA-2015-1741)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1741 and \n# Oracle Linux Security Advisory ELSA-2015-1741 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85864);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"RHSA\", value:\"2015:1741\");\n\n script_name(english:\"Oracle Linux 7 : haproxy (ELSA-2015-1741)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1741 :\n\nAn updated haproxy package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6 and 7. HAProxy provides high\navailability, load balancing, and proxying for TCP and HTTP-based\napplications.\n\nAn implementation error related to the memory management of request\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated, remote attacker could possibly use this\nflaw to leak certain memory buffer contents from a past request or\nsession. (CVE-2015-3281)\n\nNote that, according to CVE-2015-3281, this issue only exists in\nHAProxy version 1.5.x prior to 1.5.14. All HAProxy users are advised\nto upgrade to this updated package, which contains a backported patch\nto correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-September/005390.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"haproxy-1.5.4-4.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:44:21", "bulletinFamily": "scanner", "description": "Red Hat OpenShift Enterprise release 2.2.8, which fixes one security issue, several bugs, and introduces feature enhancements, is now available.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThe following security issue is addressed with this release :\n\nAn implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nSpace precludes documenting all of the bug fixes in this advisory. See the OpenShift Enterprise Technical Notes, which will be updated shortly for release 2.2.8, for details about these changes :\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/ html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these updated packages.", "modified": "2018-12-04T00:00:00", "id": "REDHAT-RHSA-2015-2666.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119366", "published": "2018-12-04T00:00:00", "title": "RHEL 6 : Red Hat OpenShift Enterprise 2.2.8 (RHSA-2015:2666)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2666. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119366);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/12/04 16:01:27\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"RHSA\", value:\"2015:2666\");\n\n script_name(english:\"RHEL 6 : Red Hat OpenShift Enterprise 2.2.8 (RHSA-2015:2666)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat OpenShift Enterprise release 2.2.8, which fixes one security\nissue, several bugs, and introduces feature enhancements, is now\navailable.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release :\n\nAn implementation error related to the memory management of request\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated remote attacker could use this flaw to\nleak certain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.8, for details about these changes :\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/\nhtml-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these\nupdated packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3281\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy15side\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy15side-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-upgrade-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-upgrade-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-yum-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-routing-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2666\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"haproxy15side-1.5.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"haproxy15side-debuginfo-1.5.4-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-enterprise-release-2.2.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-enterprise-upgrade-broker-2.2.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-enterprise-upgrade-node-2.2.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-enterprise-yum-validator-2.2.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-broker-util-1.37.4.2-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-haproxy-1.31.4.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jbosseap-2.27.3.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-jbossews-1.35.3.2-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-cartridge-python-1.34.1.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-node-util-1.38.5.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhc-1.38.4.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-common-1.29.4.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-controller-1.38.4.2-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-node-1.38.4.1-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-openshift-origin-routing-daemon-0.26.4.4-1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy15side / haproxy15side-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:24:44", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-3281\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2015-11255.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85055", "published": "2015-07-29T00:00:00", "title": "Fedora 21 : haproxy-1.5.14-1.fc21 (2015-11255)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-11255.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85055);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:49:05 $\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"FEDORA\", value:\"2015-11255\");\n\n script_name(english:\"Fedora 21 : haproxy-1.5.14-1.fc21 (2015-11255)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-3281\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1239072\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162441.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89144b7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"haproxy-1.5.14-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:24:27", "bulletinFamily": "scanner", "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3301.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84511", "published": "2015-07-06T00:00:00", "title": "Debian DSA-3301-1 : haproxy - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3301. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84511);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"DSA\", value:\"3301\");\n\n script_name(english:\"Debian DSA-3301-1 : haproxy - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a\nfast and reliable load balancing reverse proxy, when HTTP pipelining\nis used. A client can take advantage of this flaw to cause data\ncorruption and retrieve uninitialized memory contents that exhibit\ndata from a past request or session.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/haproxy\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3301\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the haproxy packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"haproxy\", reference:\"1.5.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"haproxy-dbg\", reference:\"1.5.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"haproxy-doc\", reference:\"1.5.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"vim-haproxy\", reference:\"1.5.8-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:24:44", "bulletinFamily": "scanner", "description": "Security fix for CVE-2015-3281\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2015-11267.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85056", "published": "2015-07-29T00:00:00", "title": "Fedora 22 : haproxy-1.5.14-1.fc22 (2015-11267)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-11267.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85056);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:49:05 $\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_xref(name:\"FEDORA\", value:\"2015-11267\");\n\n script_name(english:\"Fedora 22 : haproxy-1.5.14-1.fc22 (2015-11267)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-3281\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1239072\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162462.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7173eef9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"haproxy-1.5.14-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:24:30", "bulletinFamily": "scanner", "description": "It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2668-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84619", "published": "2015-07-08T00:00:00", "title": "Ubuntu 14.10 / 15.04 : haproxy vulnerability (USN-2668-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2668-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84619);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-3281\");\n script_bugtraq_id(75554);\n script_xref(name:\"USN\", value:\"2668-1\");\n\n script_name(english:\"Ubuntu 14.10 / 15.04 : haproxy vulnerability (USN-2668-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that HAProxy incorrectly handled certain buffers. A\nremote attacker could possibly use this issue to obtain sensitive\ninformation belonging to previous requests.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2668-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"haproxy\", pkgver:\"1.5.4-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"haproxy\", pkgver:\"1.5.10-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "description": "A vulnerability was found in the handling of HTTP pipelining. In some\ncases, a client might be able to cause a buffer alignment issue and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\n\nWith the proper timing and by requesting files of specific sizes from\nthe backend servers in HTTP pipelining mode, one can trigger a call to a\nbuffer alignment function which was not designed to work with pending\noutput data. The effect is that the output data pointer points to the\nwrong location in the buffer, causing corruption on the client. It's\nmore visible with chunked encoding and compressed bodies because the\nclient cannot parse the response, but with a regular content-length\nbody, the client will simply retrieve corrupted contents. That's not the\nworst problem in fact since pipelining is disabled in most clients.\nThe real problem is that it allows the client to sometimes retrieve data\nfrom a previous session that remains in the buffer at the location where\nthe output pointer lies. Thus it's an information leak vulnerability.", "modified": "2015-07-04T00:00:00", "published": "2015-07-04T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html", "id": "ASA-201507-3", "title": "haproxy: information leakage", "type": "archlinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-30T00:00:00", "id": "OPENVAS:1361412562310869804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869804", "title": "Fedora Update for haproxy FEDORA-2015-11267", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for haproxy FEDORA-2015-11267\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869804\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-30 05:04:39 +0200 (Thu, 30 Jul 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for haproxy FEDORA-2015-11267\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"haproxy on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-11267\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162462.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.14~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-07-08T00:00:00", "id": "OPENVAS:1361412562310842267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842267", "title": "Ubuntu Update for haproxy USN-2668-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for haproxy USN-2668-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842267\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-08 06:32:18 +0200 (Wed, 08 Jul 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for haproxy USN-2668-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that HAProxy incorrectly\nhandled certain buffers. A remote attacker could possibly use this issue to obtain\nsensitive information belonging to previous requests.\");\n script_tag(name:\"affected\", value:\"haproxy on Ubuntu 14.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2668-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2668-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.4-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "description": "Check the version of haproxy", "modified": "2019-03-08T00:00:00", "published": "2015-09-09T00:00:00", "id": "OPENVAS:1361412562310882282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882282", "title": "CentOS Update for haproxy CESA-2015:1741 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for haproxy CESA-2015:1741 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882282\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-09 06:27:45 +0200 (Wed, 09 Sep 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for haproxy CESA-2015:1741 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of haproxy\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"HAProxy provides high availability, load balancing, and proxying for TCP\nand HTTP-based applications.\n\nAn implementation error related to the memory management of request and\nresponses was found within HAProxy's buffer_slow_realign() function.\nAn unauthenticated remote attacker could possibly use this flaw to leak\ncertain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"haproxy on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1741\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021376.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.4~2.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-30T00:00:00", "id": "OPENVAS:1361412562310869820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869820", "title": "Fedora Update for haproxy FEDORA-2015-11255", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for haproxy FEDORA-2015-11255\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869820\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-30 05:08:01 +0200 (Thu, 30 Jul 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for haproxy FEDORA-2015-11255\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"haproxy on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-11255\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162441.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.14~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "description": "Check the version of haproxy", "modified": "2019-03-08T00:00:00", "published": "2015-09-09T00:00:00", "id": "OPENVAS:1361412562310882283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882283", "title": "CentOS Update for haproxy CESA-2015:1741 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for haproxy CESA-2015:1741 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882283\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-09 06:28:01 +0200 (Wed, 09 Sep 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for haproxy CESA-2015:1741 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of haproxy\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"HAProxy provides high availability, load balancing, and proxying for TCP\nand HTTP-based applications.\n\nAn implementation error related to the memory management of request and\nresponses was found within HAProxy's buffer_slow_realign() function.\nAn unauthenticated remote attacker could possibly use this flaw to leak\ncertain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"haproxy on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1741\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021378.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.4~4.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:52:49", "bulletinFamily": "scanner", "description": "Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.", "modified": "2017-07-07T00:00:00", "published": "2015-07-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703301", "id": "OPENVAS:703301", "title": "Debian Security Advisory DSA 3301-1 (haproxy - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3301.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3301-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703301);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3281\");\n script_name(\"Debian Security Advisory DSA 3301-1 (haproxy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-05 00:00:00 +0200 (Sun, 05 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3301.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"haproxy on Debian Linux\");\n script_tag(name: \"insight\", value: \"HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high\navailability environments. It features connection persistence through HTTP\ncookies, load balancing, header addition, modification, deletion both ways. It\nhas request blocking capabilities and provides interface to display server\nstatus.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\");\n script_tag(name: \"summary\", value: \"Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-dbg\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"haproxy-doc\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-haproxy\", ver:\"1.5.8-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-28T00:00:00", "id": "OPENVAS:1361412562310851120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851120", "title": "SuSE Update for haproxy openSUSE-SU-2015:1831-1 (haproxy)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1831_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for haproxy openSUSE-SU-2015:1831-1 (haproxy)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851120\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-28 07:18:30 +0100 (Wed, 28 Oct 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for haproxy openSUSE-SU-2015:1831-1 (haproxy)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"haproxy was updated to fix two security issues.\n\n These security issues were fixed:\n\n - CVE-2015-3281: The buffer_slow_realign function in HAProxy did not\n properly realign a buffer that is used for pending outgoing data, which\n allowed remote attackers to obtain sensitive information (uninitialized\n memory contents of previous requests) via a crafted request (bsc#937042).\n\n - Changed DH parameters to prevent Logjam attack.\n\n These non-security issues were fixed:\n\n - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect\n output data\n\n - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id\n\n - MEDIUM: ssl: replace standards DH groups with custom ones\n\n - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten\n\n - MINOR: ssl: add a destructor to free allocated SSL resources\n\n - BUG/MINOR: ssl: Display correct filename in error message\n\n - MINOR: ssl: load certificates in alphabetical order\n\n - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl\n healthchecks\n\n - BUG/MEDIUM: ssl: force a full GC in case of memory shortage\n\n - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of\n OOM.\n\n - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates\n\n - MINOR: ssl: add statement to force some ssl options in global.\n\n - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER\n formatted certs\");\n script_tag(name:\"affected\", value:\"haproxy on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1831_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.5~3.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"haproxy-debuginfo\", rpm:\"haproxy-debuginfo~1.5.5~3.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"haproxy-debugsource\", rpm:\"haproxy-debugsource~1.5.5~3.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-09-09T00:00:00", "id": "OPENVAS:1361412562310871450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871450", "title": "RedHat Update for haproxy RHSA-2015:1741-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for haproxy RHSA-2015:1741-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871450\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-09 06:26:48 +0200 (Wed, 09 Sep 2015)\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for haproxy RHSA-2015:1741-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"HAProxy provides high availability, load balancing, and proxying for TCP\nand HTTP-based applications.\n\nAn implementation error related to the memory management of request and\nresponses was found within HAProxy's buffer_slow_realign() function.\nAn unauthenticated remote attacker could possibly use this flaw to leak\ncertain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"haproxy on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1741-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-September/msg00016.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.4~4.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"haproxy-debuginfo\", rpm:\"haproxy-debuginfo~1.5.4~4.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1741", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123008", "title": "Oracle Linux Local Check: ELSA-2015-1741", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1741.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123008\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:35 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1741\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1741 - haproxy security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1741\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1741.html\");\n script_cve_id(\"CVE-2015-3281\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.5.4~4.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:23", "bulletinFamily": "unix", "description": "It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.", "modified": "2015-07-07T00:00:00", "published": "2015-07-07T00:00:00", "id": "USN-2668-1", "href": "https://usn.ubuntu.com/2668-1/", "title": "HAProxy vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Under some conditions, data from previous request can be obtained.", "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:VULN:14578", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14578", "title": "HAProxy information disclosure", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2668-1\r\nJuly 07, 2015\r\n\r\nhaproxy vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n\r\nSummary:\r\n\r\nHAProxy could be made to expose sensitive information over the network.\r\n\r\nSoftware Description:\r\n- haproxy: fast and reliable load balancing reverse proxy\r\n\r\nDetails:\r\n\r\nIt was discovered that HAProxy incorrectly handled certain buffers. A\r\nremote attacker could possibly use this issue to obtain sensitive\r\ninformation belonging to previous requests.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n haproxy 1.5.10-1ubuntu0.1\r\n\r\nUbuntu 14.10:\r\n haproxy 1.5.4-1ubuntu2.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2668-1\r\n CVE-2015-3281\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/haproxy/1.5.10-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/haproxy/1.5.4-1ubuntu2.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:DOC:32312", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32312", "title": "[USN-2668-1] HAProxy vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nAn implementation error related to the memory management of request\nand responses was found within HAProxy's buffer_slow_realign()\nfunction. An unauthenticated remote attacker could use this flaw\nto leak certain memory buffer contents from a past request or\nsession. (CVE-2015-3281)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.8, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these updated\npackages.\n", "modified": "2018-06-07T08:58:13", "published": "2015-12-17T05:00:00", "id": "RHSA-2015:2666", "href": "https://access.redhat.com/errata/RHSA-2015:2666", "type": "redhat", "title": "(RHSA-2015:2666) Important: Red Hat OpenShift Enterprise 2.2.8 security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "description": "HAProxy provides high availability, load balancing, and proxying for TCP\nand HTTP-based applications.\n\nAn implementation error related to the memory management of request and\nresponses was found within HAProxy's buffer_slow_realign() function.\nAn unauthenticated remote attacker could possibly use this flaw to leak\ncertain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n", "modified": "2018-06-09T14:14:48", "published": "2015-09-08T04:00:00", "id": "RHSA-2015:1741", "href": "https://access.redhat.com/errata/RHSA-2015:1741", "type": "redhat", "title": "(RHSA-2015:1741) Important: haproxy security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:11", "bulletinFamily": "unix", "description": "\nHAProxy reports:\n\nA vulnerability was found when HTTP pipelining is used. In\n\t some cases, a client might be able to cause a buffer alignment issue and\n\t retrieve uninitialized memory contents that exhibit data from a past\n\t request or session. I want to address sincere congratulations to Charlie\n\t Smurthwaite of aTech Media for the really detailed traces he provided\n\t which made it possible to find the cause of this bug. Every user of\n\t 1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev\n\t snapshot to fix this issue, or use the backport of the fix provided by\n\t their operating system vendors. CVE-2015-3281 was assigned to this bug.\n\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "id": "CBFA8BD7-24B6-11E5-86FF-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/cbfa8bd7-24b6-11e5-86ff-14dae9d210b8.html", "title": "haproxy -- information leak vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "description": "haproxy was updated to fix two security issues.\n\n These security issues were fixed:\n - CVE-2015-3281: The buffer_slow_realign function in HAProxy did not\n properly realign a buffer that is used for pending outgoing data, which\n allowed remote attackers to obtain sensitive information (uninitialized\n memory contents of previous requests) via a crafted request (bsc#937042).\n - Changed DH parameters to prevent Logjam attack.\n\n These non-security issues were fixed:\n - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect\n output data\n - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id\n - MEDIUM: ssl: replace standards DH groups with custom ones\n - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten\n - MINOR: ssl: add a destructor to free allocated SSL ressources\n - BUG/MINOR: ssl: Display correct filename in error message\n - MINOR: ssl: load certificates in alphabetical order\n - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl\n healthchecks\n - BUG/MEDIUM: ssl: force a full GC in case of memory shortage\n - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of\n OOM.\n - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates\n - MINOR: ssl: add statement to force some ssl options in global.\n - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER\n formatted certs\n\n", "modified": "2015-10-27T13:10:00", "published": "2015-10-27T13:10:00", "id": "OPENSUSE-SU-2015:1831-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html", "title": "Security update for haproxy (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T12:22:34", "bulletinFamily": "unix", "description": "haproxy was updated to fix two security issues.\n\n These security issues were fixed:\n - CVE-2015-3281: Information disclosure (bsc#937042).\n - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937202).\n\n", "modified": "2015-10-01T13:10:26", "published": "2015-10-01T13:10:26", "id": "SUSE-SU-2015:1663-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html", "type": "suse", "title": "Security update for haproxy (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:54", "bulletinFamily": "unix", "description": "[1.5.4-4.1]\n- Fix buffer_slow_realign() function to respect output data (CVE-2015-3281, #1241537)", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "id": "ELSA-2015-1741", "href": "http://linux.oracle.com/errata/ELSA-2015-1741.html", "title": "haproxy security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3301-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 05, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : haproxy\nCVE ID : CVE-2015-3281\n\nCharlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.\n\nWe recommend that you upgrade your haproxy packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-05T04:03:39", "published": "2015-07-05T04:03:39", "id": "DEBIAN:DSA-3301-1:D6C4A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00197.html", "title": "[SECURITY] [DSA 3301-1] haproxy security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1741\n\n\nHAProxy provides high availability, load balancing, and proxying for TCP\nand HTTP-based applications.\n\nAn implementation error related to the memory management of request and\nresponses was found within HAProxy's buffer_slow_realign() function.\nAn unauthenticated remote attacker could possibly use this flaw to leak\ncertain memory buffer contents from a past request or session.\n(CVE-2015-3281)\n\nAll haproxy users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/021376.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/021378.html\n\n**Affected packages:**\nhaproxy\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1741.html", "modified": "2015-09-08T21:08:02", "published": "2015-09-08T19:57:39", "href": "http://lists.centos.org/pipermail/centos-announce/2015-September/021376.html", "id": "CESA-2015:1741", "title": "haproxy security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}