CVE-2013-1912

Related Files

Gentoo Linux Security Advisory 201307-01

Posted Jul 12, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201307-1 - Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.4.24 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2013-1912, CVE-2013-2175

SHA-256 | 6fbe65c7f8c455d91fb9793263cbcd363c732b4b7cf6a52f71982d44d7efc8bb

Download | Favorite | View

Debian Security Advisory 2711-1

Posted Jun 20, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2711-1 - Multiple security issues have been found in HAProxy, a load-balancing reverse proxy.

tags | advisory

systems | linux, debian

advisories | CVE-2012-2942, CVE-2013-1912, CVE-2013-2175

SHA-256 | 319b470e413067c6dfb06e38f3db14e6a31e3cdbf1d418eaedc13bc17f95e217

Download | Favorite | View

Red Hat Security Advisory 2013-0868-01

Posted May 28, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0868-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.

tags | advisory, remote, web, overflow, arbitrary, tcp

systems | linux, redhat

advisories | CVE-2013-1912

SHA-256 | a13d26acaf53515c7f910526932accbd0e75fb1f4601b88631fed32c1a9ec19b

Download | Favorite | View

Ubuntu Security Notice USN-1800-1

Posted Apr 16, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1800-1 - It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection rules when HTTP keep-alive is enabled. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, tcp

systems | linux, ubuntu

advisories | CVE-2012-2942, CVE-2013-1912, CVE-2012-2942, CVE-2013-1912

SHA-256 | a60d264b8f58648cf2e1c8ac5fae817c04ec3e22d7d7a0a9a2bd2e8003c7f1ff

Download | Favorite | View

Red Hat Security Advisory 2013-0729-01

Posted Apr 10, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0729-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.

tags | advisory, remote, web, overflow, arbitrary, tcp

systems | linux, redhat

advisories | CVE-2013-1912

SHA-256 | 41854353e6a0e4c5359c5ebbe5184c2f1dad84beadf5a5ac0c893ee8df873595

Download | Favorite | View