CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2013-2175 – haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service
https://notcve.org/view.php?id=CVE-2013-2175
20 Jun 2013 — HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. HAProxy 1.4 anteiror a 1.4.24 y 1.5 anteiror a 1.5-dev19, cuando es configurado para usar el hdr_ip u otras funciones "hdr_*" con una cuenta de ocurrencia negativa, permite a atacantes... • http://marc.info/?l=haproxy&m=137147915029705&w=2 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1912 – haproxy: rewrite rules flaw can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2013-1912
10 Apr 2013 — Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Desbordamiento de búfer en HAProxy v1.4 y v1.5 mediante v1.5-dev17 través de 1.5-dev17 al mantenimiento de conexión es... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2942 – Debian Security Advisory 2711-1
https://notcve.org/view.php?id=CVE-2012-2942
27 May 2012 — Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el trash buffer en la funcionalidad de captura de cabecera en HAProxy antes v1.4.21, cuando global.tune.bufsize se establece en un valor mayor que el valor predeterminado y... • http://haproxy.1wt.eu/#news • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •