Information Security


Security vulnerabilities in HAProxy
updated since May 6, 2013
Published: July 1, 2013
Source:
SecurityVulns ID: 13061
Type: remote
Severity: 6/10
Description: Multiple memory corruptions.
Affected products: HAPROXY : haproxy 1.4
 HAPROXY : haproxy 1.5
CVE: CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.)
 CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.)
 CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.)
Original text: UBUNTU, [USN-1889-1] HAProxy vulnerability (01.07.2013)
 UBUNTU, [USN-1800-1] HAProxy vulnerabilities (06.05.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod