CVE-2013-1912

2013-04-1000:00:00

ubuntu.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.086

Percentile

94.5%

JSON

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through
1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP
inspection rules, and running with rewrite rules that appends to requests,
allows remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via crafted pipelined HTTP requests that prevent
request realignment from occurring.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704611>

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchhaproxy< 1.4.15-1ubuntu0.1UNKNOWN
ubuntu12.04noarchhaproxy< 1.4.18-0ubuntu1.1UNKNOWN
ubuntu12.10noarchhaproxy< 1.4.18-0ubuntu2.1UNKNOWN
ubuntu13.04noarchhaproxy< 1.4.18-0ubuntu3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	haproxy	< 1.4.15-1ubuntu0.1	UNKNOWN
ubuntu	12.04	noarch	haproxy	< 1.4.18-0ubuntu1.1	UNKNOWN
ubuntu	12.10	noarch	haproxy	< 1.4.18-0ubuntu2.1	UNKNOWN
ubuntu	13.04	noarch	haproxy	< 1.4.18-0ubuntu3	UNKNOWN