[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-2942

Date: (C)2012-05-27   (M)2017-08-29
 
CVSS Score: 5.1Access Vector: NETWORK
Exploitability Subscore: 4.9Access Complexity: HIGH
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

Reference:
SECUNIA-49261
BID-53647
DSA-2711
GLSA-201301-02
USN-1800-1
http://www.openwall.com/lists/oss-security/2012/05/23/12
http://www.openwall.com/lists/oss-security/2012/05/23/15
http://www.openwall.com/lists/oss-security/2012/05/28/1
haproxy-trash-bo(75777)
http://haproxy.1wt.eu/#news
http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b

CPE    1
cpe:/a:haproxy:haproxy:1.4.20
CWE    1
CWE-119
OVAL    7
oval:org.secpod.oval:def:104251
oval:org.secpod.oval:def:701254
oval:org.secpod.oval:def:6205
oval:org.secpod.oval:def:601059
...

© 2013 SecPod Technologies