CVE-2015-3281 HAProxy vulnerabilities

Severity

Medium

Vendor

HAProxy

Versions Affected

HAProxy 1.5.x

Description

It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.

Affected Products and Versions

Severity is medium unless otherwise noted.

cf-release versions prior to v252
routing-release versions prior to v0.144.0

Mitigation

Users of affected versions should apply the following mitigation:

The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 252 or later
Consumers of standalone routing-release should upgrade to v0.144.0 or later

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281
https://bosh.io/
https://github.com/cloudfoundry/cf-release
https://github.com/cloudfoundry-incubator/routing-release/releases

History

2015-07-10: Notice initially published

2017-04-04: Notice updated with instructions to update cf-release and routing-release

CVE-2015-3281 HAProxy vulnerabilities

CVE-2015-3281 HAProxy vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Products and Versions

Mitigation

References

History

You Might Also Like

USN-5320-1: Expat vulnerabilities and regression

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities

USN-5732-1: Unbound vulnerability

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!