CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
06 Jul 2015 — The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensib... • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2014-6269 – haproxy: remote client denial of service vulnerability
https://notcve.org/view.php?id=CVE-2014-6269
24 Sep 2014 — Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. Múltiples desbordamientos de enteros en la función http_request_forward_body en proto_http.c en HAProxy 1.5-dev23 anterior a 1.5.4 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un flujo grande de datos, lo qu... • http://article.gmane.org/gmane.comp.web.haproxy/17726 • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2013-2175 – haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service
https://notcve.org/view.php?id=CVE-2013-2175
20 Jun 2013 — HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. HAProxy 1.4 anteiror a 1.4.24 y 1.5 anteiror a 1.5-dev19, cuando es configurado para usar el hdr_ip u otras funciones "hdr_*" con una cuenta de ocurrencia negativa, permite a atacantes... • http://marc.info/?l=haproxy&m=137147915029705&w=2 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1912 – haproxy: rewrite rules flaw can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2013-1912
10 Apr 2013 — Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Desbordamiento de búfer en HAProxy v1.4 y v1.5 mediante v1.5-dev17 través de 1.5-dev17 al mantenimiento de conexión es... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •