CRLF Injection
haproxy is vulnerable to CRLF injection. The HTTP/2 implementation is vulnerable to intermediary encapsulation attacks due to lack of validation for CRLF characters, zero and null characters in headers,...
RHEL 7 / 8 : OpenShift Container Platform 4.4.3 haproxy (RHSA-2020:1936)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1936 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.4.3 haproxy security update
An update for haproxy is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2020-5891
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile...
CVE-2020-5891
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile...
CVE-2020-5875
On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy...
Design/Logic Flaw
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile...
Design/Logic Flaw
On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy...
CVE-2020-5891
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile...
CVE-2020-5891
CVE-2020-5891 affects BIG-IP: vulnerable in 14.1.0–14.1.2.3, 15.0.0–15.0.1.2, 15.1.0–15.1.0.1; exploitation via undisclosed HTTP/2 requests to a virtual server with a server-side HTTP/2 profile and Fallback Host can cause TMM to crash/restart (DoS). Remediation per advisory: upgrade to fixed vers...
CVE-2020-5875
On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy...
CVE-2020-5875
CVE-2020-5875 affects BIG-IP TMM when HTTP/2 full proxy is used, potentially causing a core file and restart during SSL traffic processing. Affected: BIG-IP 15.0.0–15.0.1 and 14.1.0–14.1.2.3. Remediation per advisory: upgrade to versions listed as fixes — 15.1.0 for 15.x, and 14.1.2.42 (14.x) (no...
CVE-2020-5871
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
Code injection
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
CVE-2020-5871
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
CVE-2020-5871
CVE-2020-5871 affects BIG-IP products (TMM) with HTTP/2 on 14.1.0–14.1.2.x. The issue is a data-plane DoS when undisclosed HTTP/2 requests use back-end cipher suites that are blacklisted by RFC 7540. Impact: potential temporary failure to process traffic after TMM restart and possible HA failover...
F5 Networks BIG-IP : TMM vulnerability (K43450419)
Undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure. CVE-2020-5871 Impact...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K65372933)
Under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. CVE-2020-5875 Impact If you have enabled HTTP/2, Message Routing Framework (MRF), and SSL, a certain request sequence can trigger a condition...
Apache Traffic Server (ATS) HTTP/2 DoS Vulnerability
Apache Traffic Server is prone to a denial of service vulnerability due to HTTP/2 slow read attack.
Moderate: Red Hat Security Advisory: haproxy security, bug fix, and enhancement update
An update for haproxy is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...