Cloud Foundry Logo
blog single gear
Security Advisory

CVE-2015-3281 HAProxy vulnerabilities

CVE-2015-3281 HAProxy vulnerabilities

Severity

Medium

Vendor

HAProxy

Versions Affected

  • HAProxy 1.5.x

Description

It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • cf-release versions prior to v252
  • routing-release versions prior to v0.144.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 252 or later
  • Consumers of standalone routing-release should upgrade to v0.144.0 or later

References

History

2015-07-10: Notice initially published

2017-04-04: Notice updated with instructions to update cf-release and routing-release

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES