Lucene search
RedhatCVE-2015-3281HistoryJul 06, 2015 - 3:59 p.m.
CVE-2015-3281
2015-07-0615:59:06
CWE-119
redhat
web.nvd.nist.gov
67
cve-2015-3281
haproxy
buffer_slow_realign
security
vulnerability
remote attackers
uninitialized memory
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
71.4%
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
Affected configurations
Node
debiandebian_linuxMatch8.0
Node
haproxyhaproxyMatch1.5dev
ORhaproxyhaproxyMatch1.5dev0
ORhaproxyhaproxyMatch1.5dev1
ORhaproxyhaproxyMatch1.5dev10
ORhaproxyhaproxyMatch1.5dev11
ORhaproxyhaproxyMatch1.5dev12
ORhaproxyhaproxyMatch1.5dev13
ORhaproxyhaproxyMatch1.5dev14
ORhaproxyhaproxyMatch1.5dev15
ORhaproxyhaproxyMatch1.5dev16
ORhaproxyhaproxyMatch1.5dev17
ORhaproxyhaproxyMatch1.5dev18
ORhaproxyhaproxyMatch1.5dev19
ORhaproxyhaproxyMatch1.5dev2
ORhaproxyhaproxyMatch1.5dev3
ORhaproxyhaproxyMatch1.5dev4
ORhaproxyhaproxyMatch1.5dev5
ORhaproxyhaproxyMatch1.5dev6
ORhaproxyhaproxyMatch1.5dev7
ORhaproxyhaproxyMatch1.5dev8
ORhaproxyhaproxyMatch1.5dev9
ORhaproxyhaproxyMatch1.5.0
ORhaproxyhaproxyMatch1.5.1
ORhaproxyhaproxyMatch1.5.2
ORhaproxyhaproxyMatch1.5.3
ORhaproxyhaproxyMatch1.5.4
ORhaproxyhaproxyMatch1.5.5
ORhaproxyhaproxyMatch1.5.6
ORhaproxyhaproxyMatch1.5.7
ORhaproxyhaproxyMatch1.5.8
ORhaproxyhaproxyMatch1.5.9
ORhaproxyhaproxyMatch1.5.10
ORhaproxyhaproxyMatch1.5.11
ORhaproxyhaproxyMatch1.5.12
ORhaproxyhaproxyMatch1.5.13
ORhaproxyhaproxyMatch1.6dev0
Node
canonicalubuntu_linuxMatch14.10
ORcanonicalubuntu_linuxMatch15.04
Node
opensuseopenstack_cloudMatch5
ORopensuseopensuseMatch13.2
ORsuselinux_enterprise_high_availability_extensionMatch12
Node
redhatenterprise_linux_desktopMatch7.0
ORredhatenterprise_linux_serverMatch7.0
ORredhatenterprise_linux_server_ausMatch7.3
ORredhatenterprise_linux_server_ausMatch7.4
ORredhatenterprise_linux_server_ausMatch7.6
ORredhatenterprise_linux_server_eusMatch7.1
ORredhatenterprise_linux_server_eusMatch7.2
ORredhatenterprise_linux_server_eusMatch7.3
ORredhatenterprise_linux_server_eusMatch7.4
ORredhatenterprise_linux_server_eusMatch7.5
ORredhatenterprise_linux_server_eusMatch7.6
ORredhatenterprise_linux_server_tusMatch7.3
ORredhatenterprise_linux_server_tusMatch7.6
ORredhatenterprise_linux_workstationMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev0:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev1:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev10:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev11:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev12:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev13:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev14:*:*:*:*:*:* |
| haproxy | haproxy | 1.5 | cpe:2.3:a:haproxy:haproxy:1.5:dev15:*:*:*:*:*:* |
References
git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
rhn.redhat.com/errata/RHSA-2015-1741.html
rhn.redhat.com/errata/RHSA-2015-2666.html
www.debian.org/security/2015/dsa-3301
www.haproxy.org/news.html
www.securityfocus.com/bid/75554
www.ubuntu.com/usn/USN-2668-1
Related
openvas
openvas
CentOS Update for haproxy CESA-2015:1741 centos6
2015-09-09 00:00:00
openSUSE: Security Advisory for haproxy (openSUSE-SU-2015:1831-1)
2015-10-28 00:00:00
Fedora Update for haproxy FEDORA-2015-11267
2015-07-30 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: haproxy-1.5.14-1.fc21
2015-07-29 01:43:56
[SECURITY] Fedora 22 Update: haproxy-1.5.14-1.fc22
2015-07-29 01:46:35
nessus
nessus
Scientific Linux Security Update : haproxy on SL6.x, SL7.x i386/x86_64 (20150908)
2015-09-09 00:00:00
Ubuntu 14.10 / 15.04 : haproxy vulnerability (USN-2668-1)
2015-07-08 00:00:00
Oracle Linux 7 : haproxy (ELSA-2015-1741)
2015-09-09 00:00:00
centos
centos
haproxy security update
2015-09-08 19:57:39
debiancve
debiancve
CVE-2015-3281
2015-07-06 15:59:06
securityvulns
securityvulns
[USN-2668-1] HAProxy vulnerability
2015-07-13 00:00:00
HAProxy information disclosure
2015-07-13 00:00:00
cvelist
cvelist
CVE-2015-3281
2015-07-06 14:55:00
cloudfoundry
cloudfoundry
CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry
2017-04-04 00:00:00
ubuntucve
ubuntucve
CVE-2015-3281
2015-07-06 00:00:00
debian
debian
[SECURITY] [DSA 3301-1] haproxy security update
2015-07-05 04:03:21
[SECURITY] [DSA 3301-1] haproxy security update
2015-07-05 04:03:21
nvd
nvd
CVE-2015-3281
2015-07-06 15:59:06
suse
suse
Security update for haproxy (important)
2015-10-27 13:10:00
Security update for haproxy (important)
2015-10-01 13:10:26
osv
osv
haproxy - security update
2015-07-05 00:00:00
haproxy-1.7.0-1.1 on GA media
2024-06-15 00:00:00
freebsd
freebsd
haproxy -- information leak vulnerability
2015-07-02 00:00:00
redhat
redhat
archlinux
archlinux
haproxy: information leakage
2015-07-04 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:07:36
ubuntu
ubuntu
HAProxy vulnerability
2015-07-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-07-06 15:59:00
oraclelinux
oraclelinux
haproxy security update
2015-09-08 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
71.4%
Related for CVE-2015-3281