CVE-2013-2175

EPSS 0.08%
Veröffentlicht 19.08.2013 13:07:58
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version6.0

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Redhat ≫ Enterprise Linux Load Balancer Version6.0

Redhat ≫ Enterprise Linux Load Balancer Version6.4

Haproxy ≫ Haproxy Version1.4

Haproxy ≫ Haproxy Version1.4.0

Haproxy ≫ Haproxy Version1.4.1

Haproxy ≫ Haproxy Version1.4.2

Haproxy ≫ Haproxy Version1.4.3

Haproxy ≫ Haproxy Version1.4.4

Haproxy ≫ Haproxy Version1.4.5

Haproxy ≫ Haproxy Version1.4.6

Haproxy ≫ Haproxy Version1.4.7

Haproxy ≫ Haproxy Version1.4.8

Haproxy ≫ Haproxy Version1.4.9

Haproxy ≫ Haproxy Version1.4.10

Haproxy ≫ Haproxy Version1.4.11

Haproxy ≫ Haproxy Version1.4.12

Haproxy ≫ Haproxy Version1.4.13

Haproxy ≫ Haproxy Version1.4.14

Haproxy ≫ Haproxy Version1.4.15

Haproxy ≫ Haproxy Version1.4.16

Haproxy ≫ Haproxy Version1.4.17

Haproxy ≫ Haproxy Version1.4.18

Haproxy ≫ Haproxy Version1.4.19

Haproxy ≫ Haproxy Version1.4.20

Haproxy ≫ Haproxy Version1.4.21

Haproxy ≫ Haproxy Version1.4.22

Haproxy ≫ Haproxy Version1.4.23

Haproxy ≫ Haproxy Version1.5 Updatedev

Haproxy ≫ Haproxy Version1.5 Updatedev0

Haproxy ≫ Haproxy Version1.5 Updatedev1

Haproxy ≫ Haproxy Version1.5 Updatedev10

Haproxy ≫ Haproxy Version1.5 Updatedev11

Haproxy ≫ Haproxy Version1.5 Updatedev12

Haproxy ≫ Haproxy Version1.5 Updatedev13

Haproxy ≫ Haproxy Version1.5 Updatedev14

Haproxy ≫ Haproxy Version1.5 Updatedev15

Haproxy ≫ Haproxy Version1.5 Updatedev16

Haproxy ≫ Haproxy Version1.5 Updatedev17

Haproxy ≫ Haproxy Version1.5 Updatedev18

Haproxy ≫ Haproxy Version1.5 Updatedev2

Haproxy ≫ Haproxy Version1.5 Updatedev3

Haproxy ≫ Haproxy Version1.5 Updatedev4

Haproxy ≫ Haproxy Version1.5 Updatedev5

Haproxy ≫ Haproxy Version1.5 Updatedev6

Haproxy ≫ Haproxy Version1.5 Updatedev7

Haproxy ≫ Haproxy Version1.5 Updatedev8

Haproxy ≫ Haproxy Version1.5 Updatedev9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2013/dsa-2711

Third Party Advisory

http://marc.info/?l=haproxy&m=137147915029705&w=2

Patch

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1120.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1204.html

Third Party Advisory

http://secunia.com/advisories/54344