CVE-2015-3281

Опубликовано: 06 июл. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Ссылки

http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1741.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2666.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3301
Third Party Advisory
http://www.haproxy.org/news.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/75554
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2668-1
Third Party Advisory
http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1741.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2666.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3301
Third Party Advisory
http://www.haproxy.org/news.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/75554
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2668-1
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:haproxy:haproxy:1.5:dev:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev0:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev1:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev10:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev11:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev12:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev13:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev14:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev15:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev16:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev17:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev18:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev19:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev2:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev3:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev4:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev5:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev6:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev7:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev8:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5:dev9:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.9:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.10:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.11:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.12:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.5.13:*:*:*:*:*:*:*

cpe:2.3:a:haproxy:haproxy:1.6:dev0:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:openstack_cloud:5:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2015-3281

ubuntu

около 10 лет назад

CVE-2015-3281

redhat

около 10 лет назад

CVE-2015-3281

debian

около 10 лет назад

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1. ...

GHSA-ffg4-hmhr-qr79

github

больше 3 лет назад

ELSA-2015-1741

oracle-oval

почти 10 лет назад

ELSA-2015-1741: haproxy security update (IMPORTANT)

EPSS

Процентиль: 27%

0.00094

Низкий

5 Medium

CVSS2

Дефекты

CWE-119