CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

An implementation error related to the memory management of requests and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session.

• http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
• http://rhn.redhat.com/errata/RHSA-2015-1741.html
• http://rhn.redhat.com/errata/RHSA-2015-2666.html
• http://www.debian.org/security/2015/dsa-3301
• http://www.haproxy.org/news.html
• http://www.securityfocus.com/bid/75554
• http://www.ubuntu.com&

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-6269 – haproxy: remote client denial of service vulnerability
https://notcve.org/view.php?id=CVE-2014-6269
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy.

• http://article.gmane.org/gmane.comp.web.haproxy/17726
• http://article.gmane.org/gmane.comp.web.haproxy/18097
• http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commitdiff%3Bh=b4d05093bc89f71377230228007e69a1434c1a0c
• http://rhn.redhat.com/errata/RHSA-2014-1292.html
• http://secunia.com/advisories/59936
• http://secunia.com/advisories/61507
• http://www.openwall.com/lists/oss-security/2014/09/09/23
• https://access.redhat.com/security/cve/CVE-2014-6269
• https://bugzilla.redhat.com/show_bug.cgi

• CWE-189: Numeric Errors
• CWE-400: Uncontrolled Resource Consumption

CVE-2013-2175 – haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service
https://notcve.org/view.php?id=CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

• http://marc.info/?l=haproxy&m=137147915029705&w=2
• http://rhn.redhat.com/errata/RHSA-2013-1120.html
• http://rhn.redhat.com/errata/RHSA-2013-1204.html
• http://secunia.com/advisories/54344
• http://www.debian.org/security/2013/dsa-2711
• http://www.ubuntu.com/usn/USN-1889-1
• https://bugzilla.redhat.com/show_bug.cgi?id=974259
• https://access.redhat.com/security/cve/CVE-2013-2175

• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control

CVE-2013-1912 – haproxy: rewrite rules flaw can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2013-1912
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that append to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html
• http://rhn.redhat.com/errata/RHSA-2013-0729.html
• http://rhn.redhat.com/errata/RHSA-2013-0868.html
• http://secunia.com/advisories/52725
• http://www.debian.org/security/2013/dsa-2711
• http://www.openwall.com/lists/oss-security/2013/04/03/1
• http:/

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-2942
https://notcve.org/view.php?id=CVE-2012-2942
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

• http://haproxy.1wt.eu/#news
• http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
• http://haproxy.1wt.eu/git?p=haproxy-1.4.git%3Ba=commit%3Bh=30297cb17147a8d339eb160226bcc08c91d9530b
• http://secunia.com/advisories/49261
• http://security.gentoo.org/glsa/glsa-201301-02.xml
• http://www.debian.org/security/2013/dsa-2711
• http://www.openwall.com/lists/oss-security/2012/05/23/12
• http://www.openwall.com/lists/oss-security/2012/05/23/15
• http://www.openwall.com/lists/oss-security

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer