CVE-2013-1912

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html

http://rhn.redhat.com/errata/RHSA-2013-0729.html

http://rhn.redhat.com/errata/RHSA-2013-0868.html

http://secunia.com/advisories/52725

http://www.debian.org/security/2013/dsa-2711

http://www.openwall.com/lists/oss-security/2013/04/03/1

http://www.securityfocus.com/bid/58820

http://www.ubuntu.com/usn/USN-1800-1

Details

Source: MITRE

Published: 2013-04-10

Updated: 2013-12-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
119439RHEL 6 : haproxy (RHSA-2013:0729)NessusRed Hat Local Security Checks
medium
67252GLSA-201307-01 : HAProxy: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
6906HAProxy 'tcp-request content' Buffer Overflow VulnerabilityNessus Network MonitorWeb Servers
medium
66936Debian DSA-2711-1 : haproxy - several vulnerabilitiesNessusDebian Local Security Checks
medium
66673CentOS 6 : haproxy (CESA-2013:0868)NessusCentOS Local Security Checks
medium
66663Scientific Linux Security Update : haproxy on SL6.x i386/x86_64 (20130528)NessusScientific Linux Local Security Checks
medium
66659RHEL 6 : haproxy (RHSA-2013:0868)NessusRed Hat Local Security Checks
medium
66245Fedora 19 : haproxy-1.4.23-2.fc19 (2013-6253)NessusFedora Local Security Checks
medium
66242Fedora 17 : haproxy-1.4.23-1.fc17 (2013-4827)NessusFedora Local Security Checks
medium
66241Fedora 18 : haproxy-1.4.23-1.fc18 (2013-4807)NessusFedora Local Security Checks
medium
65980Ubuntu 11.10 / 12.04 LTS / 12.10 : haproxy vulnerabilities (USN-1800-1)NessusUbuntu Local Security Checks
medium