CVE-2013-1912
Last modified
CVE-2013-1912 is a vulnerability of currently unknown severity. Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.. EPSS estimates a 5.42% chance of exploitation in the next 30 days.
Description
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Haproxy | Haproxy | 1.4 | — |
| Haproxy | Haproxy | 1.4.20 | — |
| Haproxy | Haproxy | 1.4.22 | — |
| Haproxy | Haproxy | 1.5 | Dev |
References
- http://rhn.redhat.com/errata/RHSA-2013-0729.htmlVendor Advisory
- http://secunia.com/advisories/52725Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0729.htmlVendor Advisory
- http://secunia.com/advisories/52725Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1912?
How severe is CVE-2013-1912?
How do I fix CVE-2013-1912?
Are you affected by CVE-2013-1912?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST