CVE-2018-11469 – haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c
https://notcve.org/view.php?id=CVE-2018-11469
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. El cacheado incorrecto de respuestas a peticiones que incluyen una cabecera Authorization en HAProxy, de la versión 1.8.0 hasta la 1.8.9 (si cache está habilitado) permite que los atacantes logren la divulgación de información mediante una petición remota no autenticada. Esto está relacionado con la función check_request_for_cacheability en proto_http.c. • http://www.securityfocus.com/bid/104347 https://access.redhat.com/errata/RHSA-2019:1436 https://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=17514045e5d934dede62116216c1b016fe23dd06 https://usn.ubuntu.com/3663-1 https://access.redhat.com/security/cve/CVE-2018-11469 https://bugzilla.redhat.com/show_bug.cgi?id=1582635 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-10184 – haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10184
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain. Se ha descubierto un problema en versiones anteriores a la 1.8.8 de HAProxy. • http://git.haproxy.org/?p=haproxy-1.8.git%3Ba=commit%3Bh=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28 http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588 https://access.redhat.com/errata/RHSA-2018:1372 https://access.redhat.com/security/cve/CVE-2018-10184 https://bugzilla.redhat.com/show_bug.cgi?id=1569297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-2102
https://notcve.org/view.php?id=CVE-2016-2102
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. Las estadísticas HAProxy en openstack-tripleo-image-elements no se autentican en la red. • https://bugzilla.redhat.com/show_bug.cgi?id=1311145 • CWE-287: Improper Authentication •
CVE-2016-5360
https://notcve.org/view.php?id=CVE-2016-5360
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. HAproxy 1.6.x en versiones anteriores a 1.6.6, cuando una denegación viene de una regla reqdeny, permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada y caída) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://git.haproxy.org/?p=haproxy-1.6.git%3Ba=commit%3Bh=60f01f8c89e4fb2723d5a9f2046286e699567e0b http://www.openwall.com/lists/oss-security/2016/06/09/5 http://www.openwall.com/lists/oss-security/2016/06/09/6 http://www.ubuntu.com/usn/USN-3011-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensible (contenidos de memoria no inicializada de solicitudes previas) a través de una solicitud manipulada. An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html http://rhn.redhat.com/errata/RHSA-2015-1741.html http://rhn.redhat.com/errata/RHSA-2015-2666.html http://www.debian.org/security/2015/dsa-3301 http://www.haproxy.org/news.html http://www.securityfocus.com/bid/75554 http://www.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •