CVE-2015-3281 HAProxy vulnerabilities
- HAProxy 1.5.x
It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.
Affected Products and Versions
Severity is medium unless otherwise noted.
- cf-release versions prior to v252
- routing-release versions prior to v0.144.0
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 252 or later
- Consumers of standalone routing-release should upgrade to v0.144.0 or later
2015-07-10: Notice initially published
2017-04-04: Notice updated with instructions to update cf-release and routing-release