Lucene search

K

[email protected]NVD:CVE-2013-1912

HistoryApr 10, 2013 - 3:55 p.m.

CVE-2013-1912

2013-04-1015:55:15

CWE-119

[email protected]

web.nvd.nist.gov

6

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.086

Percentile

94.5%

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.

Affected configurations

Nvd

Node

haproxyhaproxyMatch1.4

OR

haproxyhaproxyMatch1.4.20

OR

haproxyhaproxyMatch1.4.22

OR

haproxyhaproxyMatch1.5dev

OR

haproxyhaproxyMatch1.5dev17

References

lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html

rhn.redhat.com/errata/RHSA-2013-0729.html

rhn.redhat.com/errata/RHSA-2013-0868.html

secunia.com/advisories/52725

www.debian.org/security/2013/dsa-2711

www.openwall.com/lists/oss-security/2013/04/03/1

www.securityfocus.com/bid/58820

www.ubuntu.com/usn/USN-1800-1

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.086

Percentile

94.5%

Related for NVD:CVE-2013-1912

redhat2 cve1 nessus10 openvas15 cvelist1 fedora5 veracode1 ubuntucve1 prion1 centos1 debiancve1 gentoo1 ubuntu1 securityvulns2 osv1 debian1